Lookup for vulnerable packages by Package URL.

Purl pkg:npm/chromedriver@2.23.1
Type npm
Namespace
Name chromedriver
Version 2.23.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.26.1
Latest_non_vulnerable_version 119.0.1
Affected_by_vulnerabilities
0
url VCID-2km2-6euv-h3hx
vulnerability_id VCID-2km2-6euv-h3hx
summary
chromedriver Downloads Resources over HTTP
Affected versions of `chromedriver` insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10579
reference_id
reference_type
scores
0
value 0.00765
scoring_system epss
scoring_elements 0.73848
published_at 2026-06-05T12:55:00Z
1
value 0.00765
scoring_system epss
scoring_elements 0.73811
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10579
1
reference_url https://github.com/giggio/node-chromedriver
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver
2
reference_url https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56
3
reference_url https://github.com/giggio/node-chromedriver/issues/78#issuecomment-266314859
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver/issues/78#issuecomment-266314859
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10579
reference_id CVE-2016-10579
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10579
5
reference_url https://github.com/advisories/GHSA-jh5w-6964-x5cf
reference_id GHSA-jh5w-6964-x5cf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh5w-6964-x5cf
fixed_packages
0
url pkg:npm/chromedriver@2.25.2
purl pkg:npm/chromedriver@2.25.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y8he-99ah-g3ep
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.25.2
aliases CVE-2016-10579, GHSA-jh5w-6964-x5cf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2km2-6euv-h3hx
1
url VCID-y8he-99ah-g3ep
vulnerability_id VCID-y8he-99ah-g3ep
summary
Downloads Resources over HTTP
Chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned between the user and the remote server.
references
fixed_packages
0
url pkg:npm/chromedriver@2.26.1
purl pkg:npm/chromedriver@2.26.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.26.1
aliases GMS-2016-112
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8he-99ah-g3ep
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.23.1