CVE-2022-28108 – selenium
Package
Manager: pip
Name: selenium
Vulnerable Version: =0.9.2 || =1.0.1 || =1.0.3 || =2.0-dev || =2.0-dev-9138 || =2.0-dev-9212 || =2.0-dev-9231 || =2.0-dev-9284 || =2.0-dev-9306 || =2.0-dev-9307 || =2.0-dev-9310 || =2.0-dev-9338 || =2.0-dev-9340 || =2.0-dev-9341 || =2.0-dev-9429 || =2.0.0 || =2.0.1 || =2.0a5 || =2.0b2 || =2.0b3 || =2.0b3dev || =2.0b4dev || =2.0dev1 || =2.0dev2 || =2.0dev3 || =2.0dev4 || =2.0dev5 || =2.0dev6 || =2.0rc1 || =2.0rc2 || =2.0rc3 || =2.1.0 || =2.10.0 || =2.11.0 || =2.11.1 || =2.12.0 || =2.12.1 || =2.13.0 || =2.13.1 || =2.14.0 || =2.15.0 || =2.16.0 || =2.17.0 || =2.18.1 || =2.19.0 || =2.19.1 || =2.2.0 || =2.20.0 || =2.21.0 || =2.21.1 || =2.21.2 || =2.21.3 || =2.22.0 || =2.22.1 || =2.23.0 || =2.24.0 || =2.25.0 || =2.26.0 || =2.27.0 || =2.28.0 || =2.29.0 || =2.3.0 || =2.30.0 || =2.31.0 || =2.32.0 || =2.33.0 || =2.34.0 || =2.35.0 || =2.36.0 || =2.37.0 || =2.37.1 || =2.37.2 || =2.38.0 || =2.38.1 || =2.38.2 || =2.38.3 || =2.38.4 || =2.39.0 || =2.4.0 || =2.40.0 || =2.41.0 || =2.42.0 || =2.42.1 || =2.43.0 || =2.44.0 || =2.45.0 || =2.46.0 || =2.46.1 || =2.47.0 || =2.47.1 || =2.47.2 || =2.47.3 || =2.48.0 || =2.49.0 || =2.49.1 || =2.49.2 || =2.5.0 || =2.50.0 || =2.50.1 || =2.51.0 || =2.51.1 || =2.52.0 || =2.53.0 || =2.53.1 || =2.53.2 || =2.53.3 || =2.53.4 || =2.53.5 || =2.53.6 || =2.6.0 || =2.7.0 || =2.8.0 || =2.8.1 || =2.9.0 || =3.0.0 || =3.0.0b1 || =3.0.0b2 || =3.0.0b3 || =3.0.1 || =3.0.2 || =3.10.0 || =3.11.0 || =3.12.0 || =3.13.0 || =3.14.0 || =3.14.1 || =3.141.0 || =3.3.0 || =3.3.1 || =3.3.2 || =3.3.3 || =3.4.0 || =3.4.1 || =3.4.2 || =3.4.3 || =3.5.0 || =3.6.0 || =3.7.0 || =3.8.0 || =3.8.1 || =3.9.0 || =4.0.0.a7 || =4.0.0.b1 || =4.0.0.b2 || =4.0.0.b2.post1 || =4.0.0.b3 || =4.0.0.b4 || =4.0.0.rc1 || =4.0.0a1 || =4.0.0a3 || =4.0.0a5 || =4.0.0a6 || =4.0.0a6.post1 || =4.0.0a6.post2 || =4.0.0rc2 || =4.0.0rc3 || >=0 <4.0.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.70394 (percentile: 0.98637)
Details
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
Metadata
Created: 2022-04-19T03:15:00Z
Modified: 2024-11-22T21:12:10.893429Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F007
Auto approve: 1