3 matches found
cocos2d-coffee-autocomplete (>=0.1.0 <=0.1.3), codeforces-tool (>=0.1.1 <=0.1.2) +13 more potentially affected by CVE-2016-10614 via httpsync (>=0.0.7 <=0.0.8)
httpsync NPM version =0.0.7, =0.1.0, =0.1.1, =0.0.1, =0.1.0, =0.0.6, =0.1.0, =0.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.9, =0.0.10 Source cves: CVE-2016-10614 Source advisory: OSV:GHSA-4X5J-V9V9-W8GW...
CVE-2016-10614
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
CVE-2016-10614
The CVE-2016-10614 entry concerns httpsync, a Node.js port of libcurl. The vulnerability arises because httpsync downloads binary resources over HTTP, enabling MITM attackers to swap the downloaded binary with a malicious one and potentially trigger remote code execution if the attacker is on the...