Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2km2-6euv-h3hx

Summary

chromedriver Downloads Resources over HTTP
Affected versions of `chromedriver` insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.

Aliases

alias	CVE-2016-10579

alias	GHSA-jh5w-6964-x5cf

Fixed_packages

url pkg:npm/chromedriver@2.25.2

purl pkg:npm/chromedriver@2.25.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.25.2

Affected_packages

url pkg:npm/chromedriver@2.0.0

purl pkg:npm/chromedriver@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.0.0

url pkg:npm/chromedriver@2.0.1

purl pkg:npm/chromedriver@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.0.1

url pkg:npm/chromedriver@2.2.0

purl pkg:npm/chromedriver@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.2.0

url pkg:npm/chromedriver@2.3.0

purl pkg:npm/chromedriver@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.3.0

url pkg:npm/chromedriver@2.6.0

purl pkg:npm/chromedriver@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.6.0

url pkg:npm/chromedriver@2.8.0

purl pkg:npm/chromedriver@2.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.8.0

url pkg:npm/chromedriver@2.8.1

purl pkg:npm/chromedriver@2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.8.1

url pkg:npm/chromedriver@2.9.0

purl pkg:npm/chromedriver@2.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.9.0

url pkg:npm/chromedriver@2.9.1-0

purl pkg:npm/chromedriver@2.9.1-0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.9.1-0

url pkg:npm/chromedriver@2.9.1-1

purl pkg:npm/chromedriver@2.9.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.9.1-1

url pkg:npm/chromedriver@2.10.0-1

purl pkg:npm/chromedriver@2.10.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.10.0-1

url pkg:npm/chromedriver@2.10.0

purl pkg:npm/chromedriver@2.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.10.0

url pkg:npm/chromedriver@2.11.0

purl pkg:npm/chromedriver@2.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.11.0

url pkg:npm/chromedriver@2.12.0

purl pkg:npm/chromedriver@2.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.12.0

url pkg:npm/chromedriver@2.13.0

purl pkg:npm/chromedriver@2.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.13.0

url pkg:npm/chromedriver@2.14.0

purl pkg:npm/chromedriver@2.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.14.0

url pkg:npm/chromedriver@2.14.1

purl pkg:npm/chromedriver@2.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.14.1

url pkg:npm/chromedriver@2.15.0

purl pkg:npm/chromedriver@2.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.15.0

url pkg:npm/chromedriver@2.15.1

purl pkg:npm/chromedriver@2.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.15.1

url pkg:npm/chromedriver@2.15.2

purl pkg:npm/chromedriver@2.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.15.2

url pkg:npm/chromedriver@2.16.0

purl pkg:npm/chromedriver@2.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.16.0

url pkg:npm/chromedriver@2.18.0

purl pkg:npm/chromedriver@2.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.18.0

url pkg:npm/chromedriver@2.19.0

purl pkg:npm/chromedriver@2.19.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.19.0

url pkg:npm/chromedriver@2.20.0

purl pkg:npm/chromedriver@2.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.20.0

url pkg:npm/chromedriver@2.21.0

purl pkg:npm/chromedriver@2.21.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.21.0

url pkg:npm/chromedriver@2.21.1

purl pkg:npm/chromedriver@2.21.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.21.1

url pkg:npm/chromedriver@2.21.2

purl pkg:npm/chromedriver@2.21.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.21.2

url pkg:npm/chromedriver@2.22.0

purl pkg:npm/chromedriver@2.22.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.22.0

url pkg:npm/chromedriver@2.22.1

purl pkg:npm/chromedriver@2.22.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.22.1

url pkg:npm/chromedriver@2.22.2

purl pkg:npm/chromedriver@2.22.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.22.2

url pkg:npm/chromedriver@2.23.0

purl pkg:npm/chromedriver@2.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.23.0

url pkg:npm/chromedriver@2.23.1

purl pkg:npm/chromedriver@2.23.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.23.1

url pkg:npm/chromedriver@2.24.0

purl pkg:npm/chromedriver@2.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.24.0

url pkg:npm/chromedriver@2.24.1

purl pkg:npm/chromedriver@2.24.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.24.1

url pkg:npm/chromedriver@2.25.0

purl pkg:npm/chromedriver@2.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.25.0

url pkg:npm/chromedriver@2.25.1

purl pkg:npm/chromedriver@2.25.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2km2-6euv-h3hx

vulnerability	VCID-gdc1-uy36-tugy

vulnerability	VCID-y8he-99ah-g3ep

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/chromedriver@2.25.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10579

reference_id

reference_type

scores

value	0.00765
scoring_system	epss
scoring_elements	0.73848
published_at	2026-06-05T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73811
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10579

reference_url

https://github.com/giggio/node-chromedriver

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/giggio/node-chromedriver

reference_url

https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56

reference_url

https://github.com/giggio/node-chromedriver/issues/78#issuecomment-266314859

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/giggio/node-chromedriver/issues/78#issuecomment-266314859

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10579

reference_id

CVE-2016-10579

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10579

reference_url

https://github.com/advisories/GHSA-jh5w-6964-x5cf

reference_id

GHSA-jh5w-6964-x5cf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh5w-6964-x5cf

Weaknesses

cwe_id	311
name	Missing Encryption of Sensitive Data
description	The product does not encrypt sensitive or critical information before storage or transmission.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2km2-6euv-h3hx

Vulnerability Instance