10 matches found
EUVD-2019-0355
Malware in sbrugna...
GHSA-WQ7Q-7VFH-2X3H install-nw downloads Resources over HTTP
Affected versions of install-nw insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
install-nw code execution vulnerability
install-nw is a tool for installing and caching NW.j modules. A security vulnerability exists in versions prior to install-nw 1.1.5, which originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested bina...
install-nw code execution vulnerability (CNVD-2018-10902)
install-nw is a tool for installing and caching NW.j modules. A security vulnerability exists in versions prior to install-nw 1.1.5, which originates when a program downloads JavaScript resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested...
Remote code execution
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10566
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10566
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10566
The CVE-2016-10566 entry concerns install-nw, a tool for installing NW.js. Versions before 1.1.5 download binary resources over HTTP, enabling MITM interference. An attacker on the network could swap the requested binary with a malicious one, potentially causing remote code execution on the user’...
Man In The Middle (MitM)
install-nw is vulnerable to man-in-the-middle MitM attacks. This is because the library downloads binary resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network...
Downloads Resources over HTTP
Overview Affected versions of install-nw insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...