EUVD-2018-0416

Malware in sbrugna...

GHSA-PH8P-2G97-9654 Downloads Resources over HTTP in jstestdriver

Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Downloads Resources over HTTP in jstestdriver

Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

jstestdriver Remote Code Execution Vulnerability

jstestdriver is a JavaScript code testing , running tools. A security vulnerability exists in jstestdriver that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary with an...

Man-in-the-Middle (MitM)

jstestdriver is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

Remote code execution

jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

CVE-2016-10643

jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

CVE-2016-10643

jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

CVE-2016-10643

CVE-2016-10643 affects jstestdriver, a wrapper for Google's jstestdriver. The vulnerability arises because it downloads binary resources over HTTP, enabling a MitM attacker on the network to swap the binary with a malicious one and potentially achieve remote code execution. Affected versions are ...

Downloads Resources over HTTP

Overview Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...