4 matches found
node-qrcode (>=0.0.1 <=0.0.4), ocast-dongletv (>=1.0.1 <=1.1.0) potentially affected by CVE-2016-10618 via node-browser (>=0.0.1 <=0.0.3)
node-browser NPM version =0.0.1, =0.0.1, =1.0.1, =1.1.0 Source cves: CVE-2016-10618 Source advisory: OSV:GHSA-8R98-RQG5-4VM3...
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10618
node-browser is vulnerable to MITM because it downloads resources over HTTP, allowing an attacker on a privileged network to modify or read resources and potentially achieve remote code execution. The advisories note no patch is available and recommend avoiding the package or limiting use on publ...