2 matches found
scalajs-standalone-bin (>=0.1.0 <=0.4.3), tpr (>=0.2.0 <=0.2.2) potentially affected by CVE-2016-10627 via scala-bin (>=0.2.1 <=0.3.3)
scala-bin NPM version =0.2.1, =0.1.0, =0.2.0, =0.2.2 Source cves: CVE-2016-10627 Source advisory: OSV:GHSA-3VV5-42WR-M32G...
CVE-2016-10627
The CVE-2016-10627 case involves scala-bin, a binary wrapper for Scala that downloads binaries over HTTP. The documented vulnerability is a MITM risk: an attacker on the network path could intercept the HTTP response and substitute a malicious binary, potentially enabling remote code execution on...