High severityNVD Advisory· Published Jun 4, 2018· Updated Sep 16, 2024

CVE-2016-10691

Description

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
windows-seleniumjarnpm	<= 2.48.2	—

Affected products

Hackerone/Windows Seleniumjar Node Modulev5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-m79w-4mqv-r39fghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2016-10691ghsaADVISORY
nodesecurity.io/advisories/296mitrex_refsource_MISC
www.npmjs.com/advisories/296ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000