2 matches found
@mehrdafon/n8n-nodes-ibm-db2 (=0.4.9), connect-db2 (>=0.0.1 <=0.5.0) +14 more potentially affected by CVE-2016-10577 via ibm_db (>=0.0.1 <=1.0.1)
ibmdb NPM version =0.0.1, =0.0.1, =0.0.1, =1.1.0, =2.0.0, =1.0.1, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =5.0.0, =0.0.1, =0.2.13, =0.0.3, =1.0.0 and more Source cves: CVE-2016-10577 Source advisory: OSV:GHSA-C4QP-H3M6-785F...
CVE-2016-10577
CVE-2016-10577 concerns the ibm_db Node.js interface to IBM DB2/Informix. The affected library (ibm_db before 1.0.2) downloads binary resources over HTTP, exposing users to MITM modification or interception of binaries. The documentation states that a remote attacker positioned on the network cou...