CVE-2016-10589

HIGH

Spunjs Selenium-binaries < 0.10.0 - Missing Encryption

Title source: rule
STIX 2.1

Description

selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/175

Scores

CVSS v3 8.1
EPSS 0.0073
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-310 CWE-311
Status published
Products (2)
npm/selenium-binaries 0 - 0.15.0npm
spunjs/selenium-binaries < 0.10.0
Published May 29, 2018
Tracked Since Feb 18, 2026