10 matches found
NetExec Path Traversal Vulnerability
NetExec is an open-source network execution tool developed by Pennyworth. Versions of NetExec prior to 1.5.1 contained a path traversal vulnerability. This vulnerability stemmed from improper construction of file paths, which could lead to arbitrary file write attacks...
alfred2 (=2.0.1), gordon (>=0.0.2 <=0.0.4) potentially affected by CVE-2016-10619 via pennyworth (>=0.0.3 <=0.0.5)
pennyworth NPM version =0.0.3, =0.0.2, =0.0.4 Source cves: CVE-2016-10619 Source advisory: OSV:GHSA-X3J8-G4V9-67JQ...
GHSA-X3J8-G4V9-67JQ Downloads Resources over HTTP in pennyworth
Affected versions of pennyworth insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavi...
Downloads Resources over HTTP in pennyworth
Affected versions of pennyworth insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavi...
CVE-2016-10619
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10619
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Design/Logic Flaw
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10619
CVE-2016-10619 concerns pennyworth, a natural language templating engine that downloads data resources over HTTP, making it vulnerable to MITM attacks. The connected advisories confirm that insecure HTTP resource loading can allow an attacker with a privileged network position to modify/read reso...
CVE-2016-10619
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Downloads Resources over HTTP
Overview Affected versions of pennyworth insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on t...