3 matches found
native-ui-toolkit (>=0.0.1 <=0.0.4), nodehotkey (>=1.0.5 <=2.0.15) +2 more potentially affected by CVE-2016-10608 via robot-js (=2.0.0)
robot-js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on robot-js and may be impacted: - native-ui-toolkit =0.0.1, =1.0.5, =1.1.0, =1.0.0, =1.0.3 Source cves: CVE-2016-10608 Source advisory: OSV:GHSA-6V7P-J23V-4XMW...
CVE-2016-10608
robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...
CVE-2016-10608
CVE-2016-10608 affects the robot-js module used for native system automation in Node.js. The vulnerability arises because robot-js downloads binary resources over HTTP, enabling a MITM attacker in a privileged network position to intercept the response and replace the binary with a malicious one,...