Description

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Remediation

References

https://nodesecurity.io/advisories/224

Related Vulnerabilities

CVE-2022-1291 Vulnerability in maven package org.webjars.npm:github-com-hhurz-tableexport-jquery-plugin

CVE-2018-1000836 Vulnerability in maven package org.bedework.caleng:bw-calendar-engine-impl

CVE-2016-3088 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2022-0748 Vulnerability in npm package post-loader

CVE-2016-5016 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory