EUVD-2019-0224

Malware in sbrugna...

GHSA-4X5J-V9V9-W8GW Downloads Resources over HTTP in httpsync

Affected versions of httpsync insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

cocos2d-coffee-autocomplete (>=0.1.0 <=0.1.3), codeforces-tool (>=0.1.1 <=0.1.2) +13 more potentially affected by CVE-2016-10614 via httpsync (>=0.0.7 <=0.0.8)

httpsync NPM version =0.0.7, =0.1.0, =0.1.1, =0.0.1, =0.1.0, =0.0.6, =0.1.0, =0.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.9, =0.0.10 Source cves: CVE-2016-10614 Source advisory: OSV:GHSA-4X5J-V9V9-W8GW...

Downloads Resources over HTTP in httpsync

Affected versions of httpsync insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

Man-in-the-Middle (MitM)

httpsync is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10614

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

Remote code execution

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10614

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10614

The CVE-2016-10614 entry concerns httpsync, a Node.js port of libcurl. The vulnerability arises because httpsync downloads binary resources over HTTP, enabling MITM attackers to swap the downloaded binary with a malicious one and potentially trigger remote code execution if the attacker is on the...