app-bundle-info (>=0.0.4 <=0.2.2), chromeos-apk (>=1.0.0 <=2.0.0) +1 more potentially affected by CVE-2016-10632 via apk-parser2 (=0.1.1)

apk-parser2 NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on apk-parser2 and may be impacted: - app-bundle-info =0.0.4, =1.0.0, =1.0.0, =1.1.0 Source cves: CVE-2016-10632 Source advisory: OSV:GHSA-HXHM-3VJ9-6CQH...

apk-parser2 downloads Resources over HTTP

Affected versions of apk-parser2 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-HXHM-3VJ9-6CQH apk-parser2 downloads Resources over HTTP

Affected versions of apk-parser2 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Man-in-the-Middle (MitM)

Apk-Parser2 is vulnerable to man-in-the-middle MitM attack. This is possible because it does not prevent downloading of executables via HTTP if the attacker is on the network or positioned in between the user and the remote server. Consequently, it may potentially cause remote code execution RCE ...

CVE-2016-10632

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...

CVE-2016-10632

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...

Remote code execution

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...

CVE-2016-10632

CVE-2016-10632 affects apk-parser2, which downloads binary resources over HTTP. In network positions where an attacker can intercept traffic, the executable could be swapped with a malicious one, potentially leading to remote code execution on the host running apk-parser2. There is no patch avail...