geckodriver
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-4138 | 0.00 | — | 0.01 | May 2, 2022 | Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | |||
| CVE-2020-15660 | 0.00 | — | 0.01 | Jul 20, 2021 | Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution. |
- CVE-2021-4138May 2, 2022risk 0.00cvss —epss 0.01
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
- CVE-2020-15660Jul 20, 2021risk 0.00cvss —epss 0.01
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.