Selenium 4.2.0 Version Vulnerability #2720

cbarrett3 · 2023-12-28T18:58:55Z

Selenium Version Vulnerability: selenium>=3.141.0,<=4.2.0

using dash 2.14.2

Describe the bug

We are using Synk to scan the dependencies of our project, which is using the latest version of dash. The Synk scan is showing these vulnerabilities (Snyk: CVSS 7.5 NVD: CVSS 7.5), as a result of the selenium version being kept below 4.2.0 here.

Expected behavior

We expect there not to be open high vulnerabilities in the dash application - although they are only exposed through testing.

A suggestion is that this dependency on selenium is either upgraded, or removed from the client-facing installation.

The text was updated successfully, but these errors were encountered:

tscheburaschka · 2024-06-18T08:50:21Z

I am also hit by this upper boundary on the selenium version. Is there a particular reason for this?

gvwilson · 2024-07-26T13:02:41Z

cc @mike-sol

Coding-with-Adam added infrastructure build process etc. P1 needed for current cycle labels Jan 3, 2024

Coding-with-Adam added sev-1 blocker and removed P1 needed for current cycle labels Jan 18, 2024

gvwilson assigned T4rk1n Jul 26, 2024

gvwilson added P3 backlog bug something broken labels Aug 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Selenium 4.2.0 Version Vulnerability #2720

Selenium 4.2.0 Version Vulnerability #2720

Selenium 4.2.0 Version Vulnerability #2720

Selenium 4.2.0 Version Vulnerability #2720

Comments