RubySec

Providing security resources for the Ruby community

CVE-2023-5590 (selenium-webdriver): NULL Pointer Dereference in seleniumhq/selenium

NULL Pointer Dereference in seleniumhq/selenium

Published: October 23, 2023

SECURITY IDENTIFIERS

GEM

selenium-webdriver

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

>= 4.14.0

DESCRIPTION

This is a null pointer dereference that causes the IE driver to crash when selenium gets the cookies from an attacker controlled page. At a high level, the bug is caused by an insufficient check on data returned from Edge (Internet Explorer mode).

RELATED