2 matches found
duckietv-builder (>=1.0.0 <=1.0.11) potentially affected by CVE-2016-10646 via resourcehacker (=4.2.51)
resourcehacker NPM version =4.2.51 is affected by a known vulnerability. The following packages have a transitive dependency on resourcehacker and may be impacted: - duckietv-builder =1.0.0, =1.0.11 Source cves: CVE-2016-10646 Source advisory: OSV:GHSA-P65H-233C-JXVM...
CVE-2016-10646
CVE-2016-10646 affects the Node wrapper resourcehacker, which downloads binary resources over HTTP. The underlying issue is insecure HTTP delivery, enabling MITM attackers to intercept the response and replace the requested binary with attacker-controlled code, potentially leading to remote code ...