EUVD-2019-0219

Malware in sbrugna...

grunt-dwebp (>=0.1.0 <=1.1.2), gulp-dwebp (>=0.1.0 <=1.0.2) +1 more potentially affected by CVE-2016-10633 via dwebp-bin (>=0.1.6 <=1.0.0)

dwebp-bin NPM version =0.1.6, =0.1.0, =0.1.0, =0.2.8, =0.2.9 Source cves: CVE-2016-10633 Source advisory: OSV:GHSA-4PF7-579W-F4GM...

dwebp-bin downloads Resources over HTTP

Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

GHSA-4PF7-579W-F4GM dwebp-bin downloads Resources over HTTP

Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

Man-in-the-Middle (MitM)

dwebp-bin is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10633

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

CVE-2016-10633

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

Remote code execution

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

CVE-2016-10633

CVE-2016-10633 affects dwebp-bin, a Node.js wrapper for dwebp that converts WebP to PNG. The vulnerability arises because it downloads binary resources over HTTP, enabling MITM tampering. An attacker on the network could swap the requested binary with a malicious one, potentially triggering remot...

CVE-2016-10633

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

Downloads Resources over HTTP

Overview Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...