6 matches found
EUVD-2018-0208
Malware in sbrugna...
browsertime (>=1.0.0-alpha.0 <=1.0.0-beta.17), gome-sitespeed.io (>=1.0.0 <=1.2.3) +6 more potentially affected by CVE-2016-10694 via alto-saxophone (>=2.21.0 <=2.25.0)
alto-saxophone NPM version =2.21.0, =1.0.0-alpha.0, =1.0.0, =1.0.0, =4.0.0, =0.2.0, =0.1.0, =0.1.3 Source cves: CVE-2016-10694 Source advisory: OSV:GHSA-2P69-GXPM-5469...
alto-saxophone code execution vulnerability
alto-saxophone is a module for installing and running Chromedriver on multiple platforms. A security vulnerability exists in alto-saxophone. The vulnerability stems from the program downloading binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...
CVE-2016-10694
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary...
Remote code execution
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary...
CVE-2016-10694
The CVE-2016-10694 entry concerns the alto-saxophone module used to install and launch Chromedriver on Mac, Linux, or Windows. Versions below 2.25.1 download binary resources over HTTP, allowing MITM manipulation of the binary and potentially enabling remote code execution if an attacker on the n...