2 matches found
CVE-2016-10639
redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the networ...
CVE-2016-10639
CVE-2016-10639 affects the npm wrapper redis-srvr , which downloads binary resources over HTTP. The underlying issue is unencrypted HTTP downloads that allow a network-positioned attacker to intercept and swap the requested binary, potentially enabling remote code execution on the host running re...