2 matches found
browsertime (>=1.0.0-alpha.0 <=1.0.0-alpha.18), sitespeed.io (=4.0.0-alpha.1) +1 more potentially affected by CVE-2016-10573 via baryton-saxophone (>=2.50.1 <=2.53.0)
baryton-saxophone NPM version =2.50.1, =1.0.0-alpha.0, =0.2.0, =0.22.4 Source cves: CVE-2016-10573 Source advisory: OSV:GHSA-6PWF-WHC8-HJF6...
CVE-2016-10573
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the request...