4 matches found
node-qrcode (>=0.0.1 <=0.0.4), ocast-dongletv (>=1.0.1 <=1.1.0) potentially affected by CVE-2016-10618 via node-browser (>=0.0.1 <=0.0.3)
node-browser NPM version =0.0.1, =0.0.1, =1.0.1, =1.1.0 Source cves: CVE-2016-10618 Source advisory: OSV:GHSA-8R98-RQG5-4VM3...
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10618
node-browser is vulnerable to MITM because it downloads resources over HTTP, allowing an attacker on a privileged network to modify or read resources and potentially achieve remote code execution. The advisories note no patch is available and recommend avoiding the package or limiting use on publ...
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...