8 matches found
GHSA-MM7H-323R-9P4G Downloads Resources over HTTP in imageoptim
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker-controlled tarball if t...
anione (>=1.2.0 <=1.2.7), gulp-imageoptim (=0.1.0) potentially affected by CVE-2016-10596 via imageoptim (>=0.3.4 <=0.4.2)
imageoptim NPM version =0.3.4, =1.2.0, =1.2.7 - gulp-imageoptim =0.1.0 Source cves: CVE-2016-10596 Source advisory: OSV:GHSA-MM7H-323R-9P4G...
Downloads Resources over HTTP in imageoptim
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker-controlled tarball if t...
Man In The Middle (MitM)
imageoptim is vulnerable to a man-in-the-middle (MitM) attack. It allows the download of executable resources over HTTP, leading to MitM. Moreover, an attacker can also swap the authentic file with a malicious file to launch remote code execution (RCE) if the attacker is on the network or positioned in...
Remote code execution
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker-controlled tarball if t...
CVE-2016-10596
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker-controlled tarball if t...
CVE-2016-10596
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker-controlled tarball if t...
CVE-2016-10596
The CVE-2016-10596 entry concerns imageoptim, a Node.js wrapper for image compression algorithms. The vulnerability arises because it downloads zipped resources over HTTP, enabling MITM attacks. A remote code execution (RCE) could be possible if an attacker swaps the tarball with a malicious one ...