4 matches found
Design/Logic Flaw
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10584
The CVE-2016-10584 entry concerns dalek-browser-chrome-canary, a Google Chrome binding for DalekJS. The vulnerability arises because it downloads binary resources over HTTP, enabling a man-in-the-middle (MitM) attacker to swap the requested binary with malware, potentially causing remote code exe...
CVE-2016-10584
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
Downloads Resources over HTTP
Overview Affected versions of dalek-browser-chrome-canary insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...