Nanoscale Parts Manufacturing
Severity: high

Downloads Resources over HTTP

appium-chromedriver

Overview

Affected versions of appium-chromedriver insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution if overwritten with a malicious binary.

Remediation

Update to version 2.9.4 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Dec 6th, 2016
  2. reported

    Nov 30th, 2016