7 matches found
h5-test (>=0.1.1 <=0.2.0) potentially affected by CVE-2016-10560 via galenframework-cli (=1.6.4)
galenframework-cli NPM version =1.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on galenframework-cli and may be impacted: h5-test =0.1.1, =0.2.0. Source CVEs: CVE-2016-10560. Source advisory: OSV:GHSA-X5PH-4FR4-G7FW...
GHSA-X5PH-4FR4-G7FW Downloads Resources over HTTP in galenframework-cli
Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
Downloads Resources over HTTP in galenframework-cli
Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
CVE-2016-10560
galenframework-cli is the Node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled...
CVE-2016-10560
galenframework-cli is the Node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled...
Remote code execution
galenframework-cli is the Node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled...
Downloads Resources over HTTP
Overview: Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...