Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability that, when paired with a specifically prepared request, might lead to remote code execution.
CVSS: 8.8
AI Score: 8.9
EPSS: 0.002
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
CVSS: 5.3
AI Score: 5.1
EPSS: 0.001