7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.8%
chromedriver is vulnerable to Command Injection. This vulnerability allows an attacker to execute arbitrary commands on the host system by setting the chromedriver.path
to an arbitrary system binary. The attacker could exploit this vulnerability by tricking a user into running a specially crafted ChromeDriver binary. The binary would contain a malicious command that would be executed when the user starts the ChromeDriver.
CPE | Name | Operator | Version |
---|---|---|---|
chromedriver | le | 119.0.0 | |
chromedriver | le | 119.0.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.8%