GHSA-238X-Q7XF-P4XW arrayfire-js downloads Resources over HTTP

Affected versions of arrayfire-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

arrayfire-js downloads Resources over HTTP

Affected versions of arrayfire-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Man In The Middle (MitM)

arrayfire-js is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

Remote code execution

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...

CVE-2016-10598

CVE-2016-10598 affects the Node.js module arrayfire-js . The vulnerability arises because it downloads binary resources over HTTP, enabling MitM interception. If an attacker on the network can swap the requested binary with a malicious one, remote code execution (RCE) may be possible on the host ...

Downloads Resources over HTTP

Overview Affected versions of arrayfire-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...