5 matches found
@camptocamp/closure-util (>=1.23.0 <=1.27.0), @cognigy/wndb-with-exceptions (>=3.0.1 <=3.0.3) +97 more potentially affected by CVE-2021-32803 via tar (>=3.0.0 <=3.1.5)
tar NPM version =3.0.0, =1.23.0, =3.0.1, =1.36.0, =0.0.1, =1.0.0, =3.0.14, =4.0.0, =1.4.0, =1.4.0, =1.4.0, =1.4.1 and more Source cves: CVE-2021-32803 Source advisory: OSV:GHSA-R628-MHMH-QJHW...
closure-util downloads Resources over HTTP
Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-2HPJ-G53M-9GJ6 closure-util downloads Resources over HTTP
Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
@descartes/d-editmap (=6.0.0), @descartes/d-geoplateforme (=6.0.0-RC2) +87 more potentially affected by CVE-2016-10583 via closure-util (>=1.15.1 <=1.26.0)
closure-util NPM version =1.15.1, =1.36.0, =0.0.1, =3.6.0, =1.0.0, =0.1.0, =0.3.0, =0.9.0, =0.1.0, =9.0.0, =1.20.2, =2.1.0 and more Source cves: CVE-2016-10583 Source advisory: OSV:GHSA-2HPJ-G53M-9GJ6...
Man In The Middle (MitM)
closure-util is vulnerable to man-in-the-middle (MitM) attacks because the library downloads binary resources via HTTP. It may also allow remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the netwo...