QID 983974
QID 983974: Nodejs (npm) Security Update for appium-chromedriver (GHSA-hc94-2wfr-4pwf)
Affected versions of `appium-chromedriver` insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution if overwritten with a malicious binary. ## Recommendation Update to version 2.9.4 or later.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-hc94-2wfr-4pwf for updates pertaining to this vulnerability.
Vendor References
- GHSA-hc94-2wfr-4pwf -
github.com/advisories/GHSA-hc94-2wfr-4pwf
CVEs related to QID 983974
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-hc94-2wfr-4pwf | appium-chromedriver |
|