7 matches found
fis-parser-sass-all (=0.2.3) potentially affected by CVE-2016-10686 via fis-sass-all (=0.2.0)
fis-sass-all NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fis-sass-all and may be impacted: - fis-parser-sass-all =0.2.3 Source cves: CVE-2016-10686 Source advisory: OSV:GHSA-VCFP-PPQW-MF23...
fis-sass-all downloads Resources over HTTP
Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-VCFP-PPQW-MF23 fis-sass-all downloads Resources over HTTP
Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Unspecified vulnerability in fis-sass-all
fis-sass-all is a package for implementing Sass compilation in Node.js. A security vulnerability exists in fis-sass-all, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response...
Man-in-the-Middle (MitM)
fis-sass-all is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
CVE-2016-10686
fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...
CVE-2016-10686
CVE-2016-10686 affects the node wrapper fis-sass-all for libsass, where binary resources are downloaded over HTTP. The underlying issue enables a man-in-the-middle scenario: an attacker with network position can intercept the HTTP response and replace the requested executable with a malicious cop...