EUVD-2019-0331

Malware in sbrugna...

GHSA-QJVF-RMWG-64FR Downloads Resources over HTTP in install-g-test

Affected versions of install-g-test insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

Downloads Resources over HTTP in install-g-test

Affected versions of install-g-test insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

Man-in-the-Middle (MitM)

install-g-test is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on th...

CVE-2016-10630

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10630

CVE-2016-10630 affects the install-g-test package, where resources are downloaded over HTTP, enabling man-in-the-middle interception. The available connected documents consistently describe MITM risk and, in several advisories, note that no patch is currently available; mitigation is to avoid the...

Downloads Resources over HTTP

Overview Affected versions of install-g-test insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends o...