CVE-2020-15660
Published: Jul 20, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability that might, when paired with a specifically prepared request, lead to remote code execution.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/mozilla/geckodriver/releases/tag/v0.27.0
x_refsource_MISC
[oss-security] 20220207 Browser-mediated attacks on WebDriver servers
mailing-list
x_refsource_MLIST