EUVD-2019-0285

Malware in sbrugna...

GHSA-G2PF-QJGF-6FW3 Downloads Resources over HTTP in openframe-glslviewer

Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

openframe (>=0.1.6 <=0.1.33) potentially affected by CVE-2016-10607 via openframe-glslviewer (=0.1.9)

openframe-glslviewer NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on openframe-glslviewer and may be impacted: - openframe =0.1.6, =0.1.33 Source cves: CVE-2016-10607 Source advisory: OSV:GHSA-G2PF-QJGF-6FW3...

Downloads Resources over HTTP in openframe-glslviewer

Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

CVE-2016-10607

openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

Downloads Resources over HTTP

Overview Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...