CVE-2016-10579: chromedriver Downloads Resources over HTTP
Affected versions of chromedriver insecurely download resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.