frames-compiler downloads Resources over HTTP

Affected versions of frames-compiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

frames-simulator (>=1.0.8 <=1.0.9) potentially affected by CVE-2016-10649 via frames-compiler (=1.0.8)

frames-compiler NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on frames-compiler and may be impacted: - frames-simulator =1.0.8, =1.0.9 Source cves: CVE-2016-10649 Source advisory: OSV:GHSA-9CHW-XRWX-F86J...

frames-compiler remote code execution vulnerability

The frames-compiler is a suite of software for building a wide range of applications, providing a graphical user interface that supports multiple platforms. A security vulnerability exists in frames-compiler that originates when the program downloads binary resources over the HTTP protocol. A...

Man-in-the-Middle (MitM)

frames-compiler is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

CVE-2016-10649

The CVE-2016-10649 entry concerns the frames-compiler project, where binary resources are downloaded over HTTP. The associated disclosures describe that an attacker with privileged network position can intercept the HTTP response and swap the requested binary with a malicious one, potentially lea...