GHSA-8WG9-92FR-6J7V marionette-socket-host downloads Resources over HTTP

Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

marionette-socket-host downloads Resources over HTTP

Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

Unspecified vulnerability in marionette-socket-host

marionette-socket-host is a complete marionette-based environment for sending commands over sockets. A security vulnerability exists in marionette-socket-host that originates when a program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by...

CVE-2016-10648

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

Remote code execution

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

CVE-2016-10648

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

CVE-2016-10648

The CVE-2016-10648 issue affects the marionette-socket-host component, which downloads binary resources over HTTP. This creates a MITM risk that an attacker on the network could swap the binary with a malicious one, potentially leading to remote code execution on the host. Reported across multipl...

Downloads Resources over HTTP

Overview Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...