Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/chromedriver@2.30.1
Typenpm
Namespace
Namechromedriver
Version2.30.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version119.0.1
Latest_non_vulnerable_version119.0.1
Affected_by_vulnerabilities
0
url VCID-gdc1-uy36-tugy
vulnerability_id VCID-gdc1-uy36-tugy
summary 
chromedriver Command Injection vulnerability
Versions of the package chromedriver before 119.0.1 is vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.

**Note:**

An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26156
reference_id
reference_type
scores
0
value 0.00771
scoring_system epss
scoring_elements 0.73928
published_at 2026-06-07T12:55:00Z
1
value 0.00771
scoring_system epss
scoring_elements 0.73901
published_at 2026-06-04T12:55:00Z
2
value 0.00771
scoring_system epss
scoring_elements 0.73937
published_at 2026-06-05T12:55:00Z
3
value 0.00771
scoring_system epss
scoring_elements 0.73942
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26156
1
reference_url https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:39:19Z/
url https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18
2
reference_url https://github.com/giggio/node-chromedriver
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/giggio/node-chromedriver
3
reference_url https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:39:19Z/
url https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815
4
reference_url https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:39:19Z/
url https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26156
reference_id CVE-2023-26156
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26156
6
reference_url https://github.com/advisories/GHSA-hm92-vgmw-qfmx
reference_id GHSA-hm92-vgmw-qfmx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hm92-vgmw-qfmx
fixed_packages
0
url pkg:npm/chromedriver@119.0.1
purl pkg:npm/chromedriver@119.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@119.0.1
aliases CVE-2023-26156, GHSA-hm92-vgmw-qfmx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdc1-uy36-tugy
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.30.1