8 matches found
GHSA-H8MC-42C3-R72P hubl-server downloads resources over HTTP
Affected versions of hubl-server insecurely download dependencies over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the responses and replace the dependencies with malicious ones, resulting in code execution on the...
Unspecified vulnerability in hubl-server module
The hubl-server module is a module for installing a HubL server. A security vulnerability exists in the hubl-server module that originates from a program using the HTTP protocol to download resources. An attacker can exploit this vulnerability to execute code on the system...
CVE-2017-16035
The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this...
CVE-2017-16035
The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this...
CVE-2017-16035
The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this...
CVE-2017-16035
CVE-2017-16035 concerns the hubl-server module (HubL Development Server wrapper). Connected sources confirm that during installation hubl-server downloads dependencies from api.hubapi.com, which initially uses HTTPS but redirects to HTTP, enabling a man-in-the-middle to compromise installation in...
Man In The Middle (MitM)
hubl-server is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because the api.hubapi.com URL that the dependencies are retrieved from redirects to an HTTP URL. This gives attackers the ability to compromise the integrity of the packages as they are being downloaded...
Downloads resources over HTTP
Overview: Affected versions of hubl-server insecurely download dependencies over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the responses and replace the dependencies with malicious ones, resulting in code execution...