GHSA-RQWH-C535-J9HW Downloads Resources over HTTP in js-given

Affected versions of js-given insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

Downloads Resources over HTTP in js-given

Affected versions of js-given insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

js-given code execution vulnerability

js-given is a developer-oriented , BDD for JavaScript Behavior Driven Development, Behavior Driven Development tools . A security vulnerability exists in js-given that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability ...

Man-In-The-Middle (MitM)

js-given is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the netwo...

CVE-2016-10638

The CVE-2016-10638 issue affects the JavaScript frontend js-given, which downloads binary resources over HTTP. The root cause is insecure (unencrypted) HTTP delivery, enabling a MitM attacker to intercept the response and substitute the requested binary with a malicious one, potentially leading t...

Downloads Resources over HTTP

Overview Affected versions of js-given insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...