VYPR

npm package

selenium-download

pkg:npm/selenium-download

Vulnerabilities (1)

  • CVE-2016-10559HigMay 29, 2018
    affected < 2.0.7fixed 2.0.7

    selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swap