GHSA-hc94-2wfr-4pwf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hc94-2wfr-4pwf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-hc94-2wfr-4pwf/GHSA-hc94-2wfr-4pwf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hc94-2wfr-4pwf
- Aliases
- Published
- 2019-02-18T23:40:19Z
- Modified
- 2023-11-08T03:58:12.448933Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- appium-chromedriver downloads Resources over HTTP
- Details
-
Affected versions of
appium-chromedriverinsecurely download resources over HTTP.In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution if overwritten with a malicious binary.
Recommendation
Update to version 2.9.4 or later.
- Database specific
{ "github_reviewed_at": "2020-06-16T21:39:54Z", "cwe_ids": [ "CWE-311" ], "nvd_published_at": null, "severity": "HIGH", "github_reviewed": true }- References
Affected packages
npm / appium-chromedriver
Package
- Name
- appium-chromedriver
- View open source insights on deps.dev
- Purl
- pkg:npm/appium-chromedriver