Lucene search
K

GHSA-H2R4-4XGF-3865 Downloads Resources over HTTP in product-monitor

🗓️ 18 Feb 2019 23:35:32Reported by GoogleType 
osv
 osv
🔗 osv.dev👁 21 Views

Affected versions of `product-monitor` insecurely download an executable over an unencrypted HTTP connection. It is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system

Related
Refs
ReporterTitlePublishedViews
Family
CNVD
install-nw code execution vulnerability (CNVD-2018-10902)
31 May 201800:00
cnvd
CVE
CVE-2016-10567
29 May 201820:00
cve
Cvelist
CVE-2016-10567
29 May 201820:00
cvelist
EUVD
EUVD-2019-0296
7 Oct 202500:30
euvd
Github Security Blog
Downloads Resources over HTTP in product-monitor
18 Feb 201923:35
github
Node.js
Downloads Resources over HTTP
30 Nov 201621:50
nodejs
NVD
CVE-2016-10567
29 May 201820:29
nvd
OSV
CVE-2016-10567
29 May 201820:29
osv
Prion
Design/Logic Flaw
29 May 201820:29
prion
Veracode
Man In The Middle (MitM)
19 Dec 201607:10
veracode
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Nov 2023 03:58Current
8.1High risk
Vulners AI Score8.1
CVSS 38.1
CVSS 29.3
EPSS0.01682
21