Lucene search
GoogleOSV:GHSA-9P47-W5XP-F4XRHistoryNov 09, 2018 - 5:48 p.m.
windows-build-tools downloads Resources over HTTP
2018-11-0917:48:37
Google
osv.dev
7
0.024 Low
EPSS
Percentile
90.1%
Affected versions of windows-build-tools insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running windows-build-tools.
Recommendation
Update to version 1.0.0 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| windows-build-tools | lt | 1.0.0 |
References
Related
nodejs
nodejs
Downloads Resources over HTTP
2017-01-05 16:24:43
prion
prion
Remote code execution
2018-05-29 20:29:00
osv
osv
CVE-2017-16003
2018-05-29 20:29:02
cvelist
cvelist
CVE-2017-16003
2018-04-26 00:00:00
github
github
windows-build-tools downloads Resources over HTTP
2018-11-09 17:48:37
veracode
veracode
Man In The Middle (MitM)
2017-02-22 07:44:28
cve
cve
CVE-2017-16003
2018-05-29 20:29:02
nvd
nvd
CVE-2017-16003
2018-05-29 20:29:02