CVE-2016-10579 – chromedriver
Package
Manager: npm
Name: chromedriver
Vulnerable Version: >=0 <2.25.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00807 (percentile 0.73204)
Details
chromedriver Downloads Resources over HTTP

Affected versions of `chromedriver` insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.

## Recommendation

Update to version 2.26.1 or later.
Metadata
Created: 2019-02-18T23:58:05Z
Modified: 2025-07-11T14:30:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-jh5w-6964-x5cf/GHSA-jh5w-6964-x5cf.json
CWE IDs: ["CWE-311"]
Alternative ID: GHSA-jh5w-6964-x5cf
Finding: F020
Auto approve: 1