10 matches found
gfe-sass downloads Resources over HTTP
Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
GHSA-72Q2-5RXX-XFFF gfe-sass downloads Resources over HTTP
Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
gfe (=1.1.0) potentially affected by CVE-2017-16040 via gfe-sass (=1.0.19)
gfe-sass NPM version =1.0.19 is affected by a known vulnerability. The following packages have a transitive dependency on gfe-sass and may be impacted: - gfe =1.1.0 Source cves: CVE-2017-16040 Source advisory: OSV:GHSA-72Q2-5RXX-XFFF...
gfe-sass Remote Code Execution Vulnerability
gfe-sass is a sass library. A security vulnerability exists in gfe-sass that originates when a program downloads a binary file over an unencrypted HTTP link. An attacker could exploit this vulnerability by intercepting the response and replacing the requested binary with a malicious executable fi...
CVE-2017-16040
gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...
Remote code execution
gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...
CVE-2017-16040
gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...
CVE-2017-16040
The CVE-2017-16040 issue affects the gfe-sass library, where it downloads resources over HTTP. This enables a man-in-the-middle when an attacker is on the network or between the user and the server to swap the requested resources with malicious copies, potentially causing remote code execution on...
Resources Downloaded Through Insecure Protocol
gfe-sass downloads resources through an insecure protocol. The library downloads resources through HTTP, allowing a man-in-the-middle attack to tamper with the content in transit...
Downloads Resources over HTTP
Overview Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...