2 matches found
openframe (>=0.1.6 <=0.1.33) potentially affected by CVE-2016-10607 via openframe-glslviewer (=0.1.9)
openframe-glslviewer NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on openframe-glslviewer and may be impacted:
- openframe =0.1.6, =0.1.33
Source CVEs: CVE-2016-10607
Source advisory: OSV:GHSA-G2PF-QJGF-6FW3...
CVE-2016-10607
Openframe-glslviewer is vulnerable because it downloads binary resources over HTTP, which enables MitM attacks. If an attacker is on the network path, they could replace the requested binary with a malicious one, potentially causing remote code execution on the host running openframe-glslviewer. ...