GHSA-VVWP-3F54-XC39 Downloads Resources over HTTP in broccoli-closure

Affected versions of broccoli-closure insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

Downloads Resources over HTTP in broccoli-closure

Affected versions of broccoli-closure insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

Broccoli-closure File Download Vulnerability

broccoli-closure is a JavaScript checker and optimizer for broccoli the browser compilation library. A file download vulnerability exists in broccoli-closure versions prior to 1.3.1, which originates when a program downloads binary resources over the HTTP protocol. A remote attacker could exploit...

Man-in-the-Middle(MitM)

broccoli-closure is vulnerable to man-in-the-middle MitM. It is possible because it allows to download the requested binary resources via HTTP, which potentially cause remote code execution RCE by replacing the requested binary with an attacker controlled binary if the attacker is on the network ...

CVE-2016-10635

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

CVE-2016-10635

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

Design/Logic Flaw

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

CVE-2016-10635

The CVE-2016-10635 entry affects broccoli-closure, a Closure compiler plugin for Broccoli. Versions prior to 1.3.1 download binary resources over HTTP, enabling MITM modification of binaries and potential remote code execution if an attacker is on the network between the user and the server. The ...

CVE-2016-10635

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...