Open
Description
openedon Dec 28, 2023
Selenium Version Vulnerability: selenium>=3.141.0,<=4.2.0
using dash 2.14.2
Describe the bug
We are using Synk to scan the dependencies of our project, which is using the latest version of dash. The Synk scan is showing these vulnerabilities (Snyk: CVSS 7.5 NVD: CVSS 7.5), as a result of the selenium version being kept below 4.2.0 here.
Expected behavior
We expect there not to be open high vulnerabilities in the dash application - although they are only exposed through testing.
A suggestion is that this dependency on selenium is either upgraded, or removed from the client-facing installation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment