
9 matches found

GitHub Security Blog
added 2019/02/18 11:34 p.m. | 22 views

ibapi downloads Resources over HTTP

Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3 CVSS | 8.1 AI score | 0.01467 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2019/02/18 11:34 p.m. | 14 views

GHSA-92QM-HC53-JJRJ ibapi downloads Resources over HTTP

Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

8.1 CVSS | 8.1 AI score | 0.01467 EPSS
Exploits: 0 | References: 6

Veracode
added 2018/05/30 6:40 a.m. | 15 views

Man-in-the-Middle (MitM)

ibapi is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because it downloads requested executable files over HTTP, which exposes them to an attacker in a privileged network position. This can subsequently open up a loophole for remote code execution since the attacker can...

8.1 CVSS | 8.2 AI score | 0.01467 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2018/05/29 8:29 p.m. | 8 views

CVE-2016-10593

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker...

9.3 CVSS | 8.4 AI score | 0.01467 EPSS
Exploits: 0 | References: 4

OSV
added 2018/05/29 8:29 p.m. | 0 views

CVE-2016-10593

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker...

8.1 CVSS | 6.3 AI score
Exploits: 0 | References: 4

Prion
added 2018/05/29 8:29 p.m. | 9 views

Remote code execution

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker...

9.3 CVSS | 8.1 AI score | 0.01467 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2018/05/29 8:0 p.m. | 48 views

CVE-2016-10593

Issue: ibapi (NodeJS addon) downloads binary resources over HTTP, enabling MITM-based code execution. Root cause: unencrypted binary fetch allows an attacker on the network path to swap binaries. Impact: remote code execution in affected environments prior to version 2.5.6 (as stated in CVE-20...

9.3 CVSS | 8.3 AI score | 0.01467 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2018/05/29 8:0 p.m. | 11 views

CVE-2016-10593

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker...

8.4 AI score | 0.01467 EPSS
Exploits: 0 | References: 4

Node.js
added 2016/11/30 10:44 p.m. | 33 views

Downloads Resources over HTTP

Overview: Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 5.8 AI score | 0.01467 EPSS
Exploits: 0 | Affected Software: 1