3 matches found
CVE-2016-10603
air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network...
CVE-2016-10603
CVE-2016-10603 affects the npm package air-sdk (a wrapper for the Adobe AIR SDK). The vulnerability arises because air-sdk downloads binary resources over HTTP rather than HTTPS, enabling a man-in-the-middle (MITM) position to intercept the response and swap the requested binary with a malicious ...
CVE-2016-10603
air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network...