3 matches found
apeman-demo-static (>=2.0.0 <=2.0.8), apeman-demo-web (=3.0.1) +23 more potentially affected by CVE-2016-10582 via closurecompiler (>=1.1.4 <=1.6.1)
closurecompiler NPM version =1.1.4, =2.0.0, =1.5.6, =1.0.0, =0.2.0, =0.1.0, =0.4.0, =0.9.0, =1.0.0, =0.3.0, =0.1.0, =0.1.3, =0.0.1, =0.1.1 - makona-editor =0.0.1 and more Source cves: CVE-2016-10582 Source advisory: OSV:GHSA-HJGP-8FFR-HWWR...
CVE-2016-10582
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on...
CVE-2016-10582
Closurecompiler (Node.js) is affected by a vulnerability where it downloads binary resources over HTTP, enabling MITM interference and potentially remote code execution if an attacker can replace the binary in transit. On the connected advisories, the issue is described for closurecompiler with t...