Lucene search
K

7 matches found

vulnersOsv
vulnersOsv
added 2018/08/17 8:20 p.m.5 views

fis-parser-sass-all (=0.2.3) potentially affected by CVE-2016-10686 via fis-sass-all (=0.2.0)

fis-sass-all NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fis-sass-all and may be impacted: - fis-parser-sass-all =0.2.3 Source cves: CVE-2016-10686 Source advisory: OSV:GHSA-VCFP-PPQW-MF23...

9.3CVSS7.2AI score0.02104EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/08/17 8:20 p.m.27 views

fis-sass-all downloads Resources over HTTP

Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS8.1AI score0.02104EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/08/17 8:20 p.m.1 views

GHSA-VCFP-PPQW-MF23 fis-sass-all downloads Resources over HTTP

Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

8.1CVSS6.3AI score0.02104EPSS
Exploits0References4
CNVD
CNVD
added 2018/06/15 12:0 a.m.2 views

Unspecified vulnerability in fis-sass-all

fis-sass-all is a package for implementing Sass compilation in Node.js. A security vulnerability exists in fis-sass-all, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response...

9.3CVSS8.1AI score0.02104EPSS
Exploits0References1
Veracode
Veracode
added 2018/06/05 4:56 a.m.14 views

Man-in-the-Middle (MitM)

fis-sass-all is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

8.1CVSS8.3AI score0.02104EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/04 4:29 p.m.4 views

CVE-2016-10686

fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

8.1CVSS6.3AI score0.02104EPSS
Exploits0References1
CVE
CVE
added 2018/06/04 4:0 p.m.57 views

CVE-2016-10686

CVE-2016-10686 affects the node wrapper fis-sass-all for libsass, where binary resources are downloaded over HTTP. The underlying issue enables a man-in-the-middle scenario: an attacker with network position can intercept the HTTP response and replace the requested executable with a malicious cop...

9.3CVSS8.3AI score0.02104EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder