Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-2wrq-wmqf-8vcc

GitHub Security Advisory

Downloads Resources over HTTP in operadriver

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

operadriver is a Opera Driver for Selenium.

operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

## Recommendation

Update to version 0.2.3 or later.

Affected Packages

npm operadriver
Affected versions: 0 (fixed in 0.2.3)

Related CVEs

CVE-2016-10565

Key Information

GHSA ID
GHSA-2wrq-wmqf-8vcc
Published
February 18, 2019 11:35 PM
Last Modified
August 31, 2020 6:14 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
operadriver
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.