7 matches found
EUVD-2019-0233
Malware in sbrugna...
@jser/classifier-item-category (=1.0.1), jser-classifier-item-category (>=1.0.1 <=1.6.1) potentially affected by CVE-2016-10592 via jser-stat (>=3.1.0 <=4.0.3)
jser-stat NPM version =3.1.0, =1.0.1, =1.6.1; Source CVEs: CVE-2016-10592; Source advisory: OSV:GHSA-5W4P-H4GM-3W26...
Downloads Resources over HTTP in jser-stat
Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...
CVE-2016-10592
Vulnerability summary: The jser-stat library downloads data resources over HTTP, enabling man-in-the-middle (MitM) attacks when an attacker can observe/modify network traffic. The impact is variable and can include reading sensitive data up to remote code execution, depending on package behavior....
CVE-2016-10592
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Man In The Middle (MitM)
jser-stat is vulnerable to man-in-the-middle (MitM) attacks due to downloading data resources over an insecure protocol. It is possible for an attacker to intercept this connection and alter the packages received...
Downloads Resources over HTTP
Overview: Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on th...