8 matches found

Fedora
added 2022/07/17 1:16 a.m., 24 views

[SECURITY] Fedora 35 Update: golang-github-tdewolff-minify-2.11.10-3.fc35

Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file such as whitespace without changing its output and therefore shrinking its size and...

9.3 CVSS, 8.1 AI score, 0.00963 EPSS
Exploits: 4

Github Security Blog
added 2019/02/18 11:51 p.m., 17 views

closurecompiler downloads Resources over HTTP

Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

9.3 CVSS, 8.1 AI score, 0.00735 EPSS
Exploits: 0, References: 4, Affected Software: 1

vulnersOsv
added 2019/02/18 11:51 p.m., 1 views

apeman-demo-static (>=2.0.0 <=2.0.8), apeman-demo-web (=3.0.1) +23 more potentially affected by CVE-2016-10582 via closurecompiler (>=1.1.4 <=1.6.1)

closurecompiler NPM version =1.1.4, =2.0.0, =1.5.6, =1.0.0, =0.2.0, =0.1.0, =0.4.0, =0.9.0, =1.0.0, =0.3.0, =0.1.0, =0.1.3, =0.0.1, =0.1.1 - makona-editor =0.0.1 and more Source cves: CVE-2016-10582 Source advisory: OSV:GHSA-HJGP-8FFR-HWWR...

9.3 CVSS, 7.2 AI score, 0.00735 EPSS
Exploits: 0

OSV
added 2018/06/01 6:29 p.m., 1 views

CVE-2016-10582

closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...

8.1 CVSS, 6.3 AI score
Exploits: 0, References: 1

Cvelist
added 2018/06/01 6:00 p.m., 20 views

CVE-2016-10582

closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...

8.3 AI score, 0.00735 EPSS
Exploits: 0, References: 1

CVE
added 2018/06/01 6:00 p.m., 78 views

CVE-2016-10582

Closurecompiler (Node.js) is affected by a vulnerability where it downloads binary resources over HTTP, enabling MITM interference and potentially remote code execution if an attacker can replace the binary in transit. On the connected advisories, the issue is described for closurecompiler with t...

9.3 CVSS, 8.3 AI score, 0.00735 EPSS
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2016/12/20 7:09 a.m., 12 views

Man In The Middle (MitM)

closurecompiler is vulnerable to man-in-the-middle (MitM) attacks. This is because the library downloads binary resources via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the...

9.3 CVSS, 8.3 AI score, 0.00735 EPSS
Exploits: 0, References: 2, Affected Software: 1

Node.js
added 2016/11/30 9:42 p.m., 35 views

Downloads Resources over HTTP

Overview: Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3 CVSS, 5 AI score, 0.00735 EPSS
Exploits: 0, Affected Software: 1