3 matches found
airc (>=0.1.3 <=0.1.8), airc2 (>=1.0.0 <=1.3.1) potentially affected by CVE-2016-10647 via node-air-sdk (>=0.1.0 <=0.3.0)
node-air-sdk NPM version =0.1.0, =0.1.3, =1.0.0, =1.3.1 Source cves: CVE-2016-10647 Source advisory: OSV:GHSA-7HVM-29RF-2GF2...
CVE-2016-10647
The CVE-2016-10647 issue affects node-air-sdk, an AIR SDK for Node.js, which downloads binary resources over HTTP. This creates a MITM risk that could allow an attacker in a privileged network position to replace the requested binary with a malicious one, potentially leading to remote code execut...
CVE-2016-10647
node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...