EUVD-2020-0857

Malware in sbrugna...

Downloads Resources over HTTP in node-air-sdk

Affected versions of node-air-sdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

airc (>=0.1.3 <=0.1.8), airc2 (>=1.0.0 <=1.3.1) potentially affected by CVE-2016-10647 via node-air-sdk (>=0.1.0 <=0.3.0)

node-air-sdk NPM version =0.1.0, =0.1.3, =1.0.0, =1.3.1 Source cves: CVE-2016-10647 Source advisory: OSV:GHSA-7HVM-29RF-2GF2...

node-air-sdk remote code execution vulnerability

node-air-sdk is a package for accessing, and downloading Adobe AIR SDK binaries. A security vulnerability exists in node-air-sdk that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary...

Man-in-the-Middle (MitM)

node-air-sdk is vulnerable to man-in-the-middle MitM attack. It is possible because it does not prevent downloading of binary resources via HTTP. Moreover, attacker can trigger remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on...

CVE-2016-10647

node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10647

node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10647

The CVE-2016-10647 issue affects node-air-sdk, an AIR SDK for Node.js, which downloads binary resources over HTTP. This creates a MITM risk that could allow an attacker in a privileged network position to replace the requested binary with a malicious one, potentially leading to remote code execut...

Downloads Resources over HTTP

Overview Affected versions of node-air-sdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...