CVE-2016-10623

Name of the Vulnerable Software and Affected Versions macaca-chromedriver-zxa (affected versions not specified)

Description The issue allows for a man-in-the-middle (MITM) attack due to the download of binary resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker swaps the requested binary with a malicious one, assuming the attacker has a privileged network position.

Recommendations To mitigate the issue, manually set the download URL to a safe HTTPS server via the CHROMEDRIVER CDNURL environment variable. Alternatively, reduce the risk of exploitation by avoiding installation of this package while connected to a public network, thus limiting potential attackers to those with compromised network access or privileged ISP access.