2 matches found
webshotgun (>=0.0.2 <=1.0.1) potentially affected by CVE-2016-10644 via slimerjs-edge (=0.10.0-pre-3)
slimerjs-edge NPM version =0.10.0-pre-3 is affected by a known vulnerability. The following packages have a transitive dependency on slimerjs-edge and may be impacted: - webshotgun =0.0.2, =1.0.1 Source cves: CVE-2016-10644 Source advisory: OSV:GHSA-5RC6-2R3R-FV79...
CVE-2016-10644
CVE-2016-10644 relates to the npm wrapper slimerjs-edge , which downloads binary resources over HTTP. The core vulnerability is a MITM risk: an attacker on the network could intercept the HTTP response and substitute the requested binary with a malicious one, potentially enabling remote code exec...