CVE-2023-5590 (High) detected in selenium-webdriver-4.0.0-alpha.7.tgz #9054
Labels
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-5590 - High Severity Vulnerability
The official WebDriver JavaScript bindings from the Selenium project
Library home page: https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.0.0-alpha.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/selenium-webdriver/package.json
Dependency Hierarchy:
Found in base branch: main
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.
Publish Date: 2023-10-15
URL: CVE-2023-5590
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99/
Release Date: 2023-10-15
Fix Resolution: selenium-4.14.0;org.seleniumhq.selenium:selenium-ie-driver:4.14.1;Selenium.WebDriver - 4.14.1;selenium - 4.15.1;selenium-webdriver:4.20.1
The text was updated successfully, but these errors were encountered: