High severity8.8NVD Advisory· Published Apr 15, 2022· Updated Jun 17, 2026
CVE-2022-28109
CVE-2022-28109
Description
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: before 4.0.0-alpha-7
Patches
Vulnerability mechanics
References
3- www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/nvdExploitMitigationThird Party Advisory
- www.openwall.com/lists/oss-security/2022/04/16/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2022/02/07/3nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.