3 matches found
@descartes/d-editmap (=6.0.0), @descartes/d-geoplateforme (=6.0.0-RC2) +87 more potentially affected by CVE-2016-10583 via closure-util (>=1.15.1 <=1.26.0)
closure-util NPM version =1.15.1, =1.36.0, =0.0.1, =3.6.0, =1.0.0, =0.1.0, =0.3.0, =0.9.0, =0.1.0, =9.0.0, =1.20.2, =2.1.0 and more. Source CVEs: CVE-2016-10583. Source advisory: OSV:GHSA-2HPJ-G53M-9GJ6...
CVE-2016-10583
Affected software: closure-util / closure-utils. Issue: downloads binary resources over HTTP, enabling a man-in-the-middle (MitM) where an attacker in a privileged network position can intercept and replace the binary, potentially leading to remote code execution (RCE). Impact (as stated): code e...
CVE-2016-10583
closure-utils is a set of utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the...