Selenium 4.2.0 Version Vulnerability #2720
Description
Selenium Version Vulnerability: selenium>=3.141.0,<=4.2.0
using dash 2.14.2
Describe the bug
We are using Synk to scan the dependencies of our project, which is using the latest version of dash. The Synk scan is showing these vulnerabilities (Snyk: CVSS 7.5 NVD: CVSS 7.5), as a result of the selenium version being kept below 4.2.0 here.
Expected behavior
We expect there not to be open high vulnerabilities in the dash application - although they are only exposed through testing.
A suggestion is that this dependency on selenium is either upgraded, or removed from the client-facing installation.