
Selenium 4.2.0 Version Vulnerability #2720

Open

Description

Selenium Version Vulnerability: selenium>=3.141.0,<=4.2.0

using dash 2.14.2

Describe the bug

We are using Snyk to scan the dependencies of our project, which is using the latest version of dash. The Snyk scan is showing these vulnerabilities (Snyk: CVSS 7.5 NVD: CVSS 7.5), as a result of the selenium version being kept below 4.2.0 here.

Expected behavior

We expect there not to be open high vulnerabilities in the dash application - although they are only exposed through testing.

A suggestion is that this dependency on selenium is either upgraded, or removed from the client-facing installation.
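An added example, not part of the original issue or of dash's code: one way to triage a scanner finding like this is to check whether the flagged pin is declared as a runtime requirement or only behind an extra. The `Requires-Dist` lines below are constructed sample input (the selenium range is the one quoted above; the extra names and the other packages are assumptions).

```python
import re

# Constructed Requires-Dist lines in the style of a wheel's METADATA file.
# Sample input only, not dash's real metadata; the "testing" extra name is an
# assumption, the selenium range is the one quoted in the issue.
SAMPLE_METADATA = """\
Requires-Dist: Flask>=1.0.4
Requires-Dist: plotly>=5.0.0
Requires-Dist: selenium<=4.2.0,>=3.141.0; extra == "testing"
Requires-Dist: pytest>=6.0.2; extra == "testing"
Requires-Dist: redis>=3.5.3; extra == "celery"
"""

REQ = re.compile(r"^Requires-Dist:\s*([A-Za-z0-9._-]+)\s*([^;]*?)\s*(?:;\s*(.*))?$")
EXTRA = re.compile(r"""extra\s*==\s*['"]([^'"]+)['"]""")


def parse_requires(metadata):
    """Return (name, specifier, extras) for every Requires-Dist line."""
    out = []
    for line in metadata.splitlines():
        m = REQ.match(line.strip())
        if m:
            marker = m.group(3) or ""
            extras = sorted(set(EXTRA.findall(marker)))
            out.append((m.group(1).lower(), m.group(2), extras))
    return out


def exposure(metadata, package):
    """Classify how `package` enters an install.

    "runtime":     pulled in by a plain install of the distribution.
    "extras-only": pulled in only when one of the listed extras is requested.
    "absent":      not declared at all.
    """
    hits = [r for r in parse_requires(metadata) if r[0] == package.lower()]
    if not hits:
        return "absent", "", []
    for _, spec, extras in hits:
        if not extras:  # no extra marker: every installer resolves this pin
            return "runtime", spec, []
    gated = sorted({e for _, _, extras in hits for e in extras})
    return "extras-only", hits[0][1], gated


if __name__ == "__main__":
    for pkg in ("selenium", "Flask", "lxml"):
        print(pkg, exposure(SAMPLE_METADATA, pkg))
```
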

Labels

P3 (backlog), bug (something broken), infrastructure (build process etc.), sev-1 (blocker)
