Lookup for vulnerable packages by Package URL.

Purl pkg:npm/chromedriver@2.13.0
Type npm
Namespace
Name chromedriver
Version 2.13.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 119.0.1
Latest_non_vulnerable_version 119.0.1
Affected_by_vulnerabilities
0
url VCID-2km2-6euv-h3hx
vulnerability_id VCID-2km2-6euv-h3hx
summary
chromedriver Downloads Resources over HTTP
Affected versions of `chromedriver` insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10579
reference_id
reference_type
scores
0
value 0.00765
scoring_system epss
scoring_elements 0.73848
published_at 2026-06-05T12:55:00Z
1
value 0.00765
scoring_system epss
scoring_elements 0.73811
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10579
1
reference_url https://github.com/giggio/node-chromedriver
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver
2
reference_url https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56
3
reference_url https://github.com/giggio/node-chromedriver/issues/78#issuecomment-266314859
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver/issues/78#issuecomment-266314859
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10579
reference_id CVE-2016-10579
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10579
5
reference_url https://github.com/advisories/GHSA-jh5w-6964-x5cf
reference_id GHSA-jh5w-6964-x5cf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh5w-6964-x5cf
fixed_packages
0
url pkg:npm/chromedriver@2.25.2
purl pkg:npm/chromedriver@2.25.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdc1-uy36-tugy
1
vulnerability VCID-y8he-99ah-g3ep
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.25.2
aliases CVE-2016-10579, GHSA-jh5w-6964-x5cf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2km2-6euv-h3hx
1
url VCID-gdc1-uy36-tugy
vulnerability_id VCID-gdc1-uy36-tugy
summary
chromedriver Command Injection vulnerability
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.

**Note:**

An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26156
reference_id
reference_type
scores
0
value 0.00771
scoring_system epss
scoring_elements 0.73937
published_at 2026-06-05T12:55:00Z
1
value 0.00771
scoring_system epss
scoring_elements 0.73901
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26156
1
reference_url https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:39:19Z/
url https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18
2
reference_url https://github.com/giggio/node-chromedriver
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver
3
reference_url https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:39:19Z/
url https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815
4
reference_url https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:39:19Z/
url https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26156
reference_id CVE-2023-26156
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26156
6
reference_url https://github.com/advisories/GHSA-hm92-vgmw-qfmx
reference_id GHSA-hm92-vgmw-qfmx
reference_type
scores
url https://github.com/advisories/GHSA-hm92-vgmw-qfmx
fixed_packages
0
url pkg:npm/chromedriver@119.0.1
purl pkg:npm/chromedriver@119.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@119.0.1
aliases CVE-2023-26156, GHSA-hm92-vgmw-qfmx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdc1-uy36-tugy
2
url VCID-y8he-99ah-g3ep
vulnerability_id VCID-y8he-99ah-g3ep
summary
Downloads Resources over HTTP
Chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned between the user and the remote server.
references
fixed_packages
0
url pkg:npm/chromedriver@2.26.1
purl pkg:npm/chromedriver@2.26.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdc1-uy36-tugy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.26.1
aliases GMS-2016-112
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8he-99ah-g3ep
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.13.0