3 matches found
frames-simulator (>=1.0.8 <=1.0.9) potentially affected by CVE-2016-10649 via frames-compiler (=1.0.8)
frames-compiler NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on frames-compiler and may be impacted: - frames-simulator =1.0.8, =1.0.9 Source cves: CVE-2016-10649 Source advisory: OSV:GHSA-9CHW-XRWX-F86J...
CVE-2016-10649
frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and t...
CVE-2016-10649
The CVE-2016-10649 entry concerns the frames-compiler project, where binary resources are downloaded over HTTP. The associated disclosures describe that an attacker with privileged network position can intercept the HTTP response and swap the requested binary with a malicious one, potentially lea...