
8 matches found

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2019-0232

Malware in sbrugna...

CVSS 9.3, AI score 8.1, EPSS 0.00735
Exploits: 0, References: 5
OSV
added 2019/02/18 11:45 p.m., 15 views

GHSA-5RM3-QHXF-RH3R Downloads Resources over HTTP in co-cli-installer

Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

CVSS 9.3, AI score 8.1, EPSS 0.00735
Exploits: 0, References: 3
GitHub Security Blog
added 2019/02/18 11:45 p.m., 23 views

Downloads Resources over HTTP in co-cli-installer

Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

CVSS 9.3, AI score 6.4, EPSS 0.00735
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2018/06/15 12:0 a.m., 1 views

Co-cli-installer Remote Code Execution Vulnerability

The co-cli-installer is a package for installing the co-cli command line tool. A security vulnerability exists in co-cli-installer that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting t...

CVSS 9.3, AI score 8.2, EPSS 0.00735
Exploits: 0, References: 1
Prion
added 2018/06/04 4:29 p.m., 7 views

Remote code execution

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the...

CVSS 9.3, AI score 8, EPSS 0.00735
Exploits: 0, References: 1
CVE
added 2018/06/04 4:0 p.m., 34 views

CVE-2016-10657

CVE-2016-10657 concerns the co-cli-installer, which downloads the co-cli module over HTTP. The underlying issue is unencrypted HTTP delivery of a binary/executable, enabling a man-in-the-middle attack where an attacker on the network could swap the downloaded resource, potentially leading to remo...

CVSS 9.3, AI score 8.3, EPSS 0.00735
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2018/06/04 4:0 p.m., 8 views

CVE-2016-10657

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the...

AI score 8.4, EPSS 0.00735
Exploits: 0, References: 1
Veracode
added 2017/01/04 7:45 a.m., 11 views

Man In The Middle (MitM)

co-cli-installer is vulnerable to man-in-the-middle (MitM) attacks because it downloads the co-cli module as part of the install process over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on th...

CVSS 9.3, AI score 8.2, EPSS 0.00735
Exploits: 0, References: 1, Affected Software: 1