2 matches found
strider (>=1.4.0 <=1.4.5) potentially affected by CVE-2016-10611 via strider-sauce (=0.6.2)
strider-sauce NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on strider-sauce and may be impacted: - strider =1.4.0, =1.4.5 Source cves: CVE-2016-10611 Source advisory: OSV:GHSA-8GF4-PCJ6-54RP...
CVE-2016-10611
CVE-2016-10611 affects the strider-sauce package (Sauce Labs / Selenium support for Strider). The issue stems from downloading zipped resources over HTTP, enabling MITM manipulation; an attacker on the network could swap the requested zip with a malicious one to trigger remote code execution. Pub...