Downloads Resources over HTTP
appium-chromedriver
Affected versions of appium-chromedriver insecurely download resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read items sent over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution if it is overwritten with a malicious binary.
Update to version 2.9.4 or later.
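To confirm the update reached every copy in a dependency tree, the following added example (not part of the original advisory or of the appium-chromedriver project) scans a parsed package-lock.json for installs below 2.9.4. It assumes every version lower than the fix is affected; the sample lockfile and the package name "example-driver" are constructed.

```javascript
const NAME = 'appium-chromedriver';
const FIXED = [2, 9, 4]; // fix version from the advisory; lower versions assumed affected

// Parse "major.minor.patch[-prerelease][+build]"; null for git/URL/tag specs.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v));
  return m ? { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

// True when below the fix; unparseable versions are reported for manual review.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // 2.9.4-beta.1 sorts before 2.9.4
}

// Accepts a parsed package-lock.json and returns every affected install.
function findAffected(lock) {
  const hits = [];
  // Lockfile v2/v3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + NAME) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // Lockfile v1: nested "dependencies" tree (skipped when "packages" exists).
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === NAME && isAffected(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.packages ? null : lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile ("example-driver" is a made-up package name).
const SAMPLE_LOCK = {
  packages: {
    'node_modules/appium-chromedriver': { version: '2.9.4' },
    'node_modules/example-driver/node_modules/appium-chromedriver': { version: '2.8.1' },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

A top-level install at 2.9.4 does not help if a nested copy pinned by another package is still older, which is why every install path is reported.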
Advisory published: Dec 6th, 2016
Initial report by Adam Baldwin: Nov 30th, 2016