CVE-2020-15660 log

Severity Medium
Remote Yes
Type Cross-site request forgery
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a cross-site request forgery (CSRF) vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-2180 geckodriver 0.26.0-1 0.29.1-1 Medium Fixed FS#71558
Date Advisory Group Package Severity Type
27 Jul 2021 ASA-202107-71 AVG-2180 geckodriver Medium cross-site request forgery