2 matches found
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker i...
CVE-2016-10590
CVE-2016-10590 affects the Node.js wrapper cue-sdk-node, which downloads zipped resources over HTTP. The underlying issue is insecure HTTP transfers that enable a MITM attacker to swap the requested zip with a malicious one, potentially enabling remote code execution on the host. The public advis...