Affected versions of `ezseed-transmission` download and run a script over an HTTP connection.
An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running `ezseed-transmission`.
## Recommendation
Update to version 0.0.15 or later.
## Advisory details
- ID: GHSA-P788-RJ37-357W
- Title: Insecure Defaults Leads to Potential MITM in ezseed-transmission
- CVE: CVE-2016-1000224
- Reporter: GitHub Advisory Database
- Published: 2020-09-01T15:26:35
- Modified: 2021-09-23T21:28:15
- Affected software: `ezseed-transmission` (NPM), versions >= 0.0.10 and <= 0.0.14

## References
- https://www.npmjs.com/advisories/114
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000224
- https://snyk.io/vuln/npm:ezseed-transmission:20160729
- https://github.com/advisories/GHSA-p788-rj37-357w