Description
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.
Recommendation
Update the chromedriver package to the latest compatible version. Version details:
- Affected version(s): < 119.0.1
- Patched version(s): 119.0.1
Related Issues
- chromedriver Downloads Resources over HTTP - CVE-2016-10579
- json-logic-js Command Injection vulnerability - CVE-2021-4329
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
Tags:
- npm
- chromedriver
Last updated on November 17, 2023