CVE-2022-28109

by Fred · 15/04/2022

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.

Date published : 2022-04-15

https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/

https://www.openwall.com/lists/oss-security/2022/02/07/3

CVE-2022-28109

Similar

Recent Posts

Categories

CVE-2022-28109

Share this:

Similar

Recent Posts

Categories

Tags