3 matches found
fiskit (>=0.0.27 <=0.0.28) potentially affected by CVE-2016-10660 via fis-parser-sass-bin (=1.0.1)
fis-parser-sass-bin NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on fis-parser-sass-bin and may be impacted: - fiskit =0.0.27, =0.0.28 Source cves: CVE-2016-10660 Source advisory: OSV:GHSA-5PQ8-2Q24-MJ3P...
CVE-2016-10660
fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...
CVE-2016-10660
CVE-2016-10660 affects the fis-parser-sass-bin plugin used to compile Sass via node-sass-binaries. The vulnerability arises because the plugin downloads binary resources over HTTP, allowing a network-positioned attacker to perform a MITM interception and replace the requested binary with a malici...