2 matches found
alfred2 (=2.0.1), gordon (>=0.0.2 <=0.0.4) potentially affected by CVE-2016-10619 via pennyworth (>=0.0.3 <=0.0.5)
pennyworth NPM version =0.0.3, =0.0.2, =0.0.4 Source cves: CVE-2016-10619 Source advisory: OSV:GHSA-X3J8-G4V9-67JQ...
CVE-2016-10619
CVE-2016-10619 concerns pennyworth, a natural language templating engine that downloads data resources over HTTP, making it vulnerable to MITM attacks. The connected advisories confirm that insecure HTTP resource loading can allow an attacker with a privileged network position to modify/read reso...