10 matches found
EUVD-2019-0261
Malware in sbrugna...
jdf (>=1.7.7 <=2.1.18), yrd (>=0.0.65 <=1.0.1) potentially affected by CVE-2016-10595 via jdf-sass (>=1.0.17 <=1.0.18)
jdf-sass NPM version =1.0.17, =1.7.7, =0.0.65, =1.0.1 Source cves: CVE-2016-10595 Source advisory: OSV:GHSA-8CC8-8VVX-FHGW...
jdf-sass downloads Resources over HTTP
Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP
Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
Remote code execution
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested file with an attacker controlled file if the attacker is on the netwo...
CVE-2016-10595
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested file with an attacker controlled file if the attacker is on the netwo...
CVE-2016-10595
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested file with an attacker controlled file if the attacker is on the netwo...
CVE-2016-10595
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested file with an attacker controlled file if the attacker is on the netwo...
CVE-2016-10595
The CVE-2016-10595 issue affects the jdf-sass package, a fork of node-sass, which downloads resources over HTTP. The underlying root cause is unencrypted HTTP transfers allowing an attacker with a privileged network position to MITM the responses and swap in a malicious executable, potentially le...
Downloads Resources over HTTP
Overview Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...