CVE-2016-10589

Name of the Vulnerable Software and Affected Versions selenium-binaries versions prior to 0.15.0

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the download and replaces the binary with a malicious one. This is particularly concerning in scenarios where an attacker has a privileged network position.

Recommendations For versions prior to 0.15.0, update to version 0.15.0 to resolve the issue. As a temporary workaround, consider using an alternate package, such as selenium-webdriver, the official selenium bindings for node.js, to minimize the risk of exploitation.