chromedriver Command Injection vulnerability

Severity:: Medium

Description

Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.

Recommendation

Update the chromedriver package to the latest compatible version. Followings are version details:

Affected version(s): < 119.0.1
Patched version(s): 119.0.1

References

GHSA-hm92-vgmw-qfmx
security.snyk.io
CVE-2023-26156
CWE-78
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Mammoth is vulnerable to Directory Traversal - CVE-2025-11849
Cross Site Scripting vulnerability in store2 - CVE-2024-57556
json-logic-js Command Injection vulnerability - CVE-2021-4329
Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735

Tags:: npm; chromedriver

Anything's wrong? Let us know Last updated on November 17, 2023