4 matches found
mollusc (>=1.0.0 <=1.1.0), schlug (=1.0.0) potentially affected by CVE-2016-10610 via unicode-json (=1.0.3)
unicode-json NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on unicode-json and may be impacted: - mollusc =1.0.0, =1.1.0 - schlug =1.0.0 Source cves: CVE-2016-10610 Source advisory: OSV:GHSA-HW4R-XR38-HM8J...
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10610
unicode-json before 2.0.0 downloads data resources over HTTP, enabling potential MitM manipulation/read of resources and, in some advisories, remote code execution risks. The affected component is the unicode-json package (pre-2.0.0) and the remediation advised across sources is to upgrade to ver...
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...