4 matches found
CVE-2016-10677
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping ou...
CVE-2016-10677
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping ou...
CVE-2016-10677
The CVE-2016-10677 issue affects the Node.js wrapper package google-closure-tools-latest, which downloads Google Closure tools over HTTP. The core risk is MITM interception of binary resources, allowing an attacker on the network to swap the requested executable with a malicious copy, potentially...
CVE-2016-10677
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping ou...