4 matches found
@dapp-stack/ipfs (>=0.1.0 <=0.5.0), @dapp-stack/scripts (>=0.1.0 <=0.3.0) +6 more potentially affected by CVE-2016-10563 via go-ipfs-dep (>=0.4.0-1 <=0.4.3-2)
go-ipfs-dep NPM version =0.4.0-1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.0, =0.4.0-hacky2, =0.9.0, =1.0.0, =1.6.0 Source cves: CVE-2016-10563 Source advisory: OSV:GHSA-G3XP-V2FF-X5C3...
GHSA-G3XP-V2FF-X5C3 Downloads Resources over HTTP in go-ipfs-dep
Affected versions of go-ipfs-dep insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
Downloads Resources over HTTP in go-ipfs-dep
Affected versions of go-ipfs-dep insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
Man In The Middle (MitM)
go-ipfs-dep is vulnerable to man-in-the-middle (MitM) attacks because the library downloads binaries via HTTP. It may also cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...