GHSA-M2W9-RM58-MHM9 Downloads Resources over HTTP in node-thulac

Affected versions of node-thulac insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Downloads Resources over HTTP in node-thulac

Affected versions of node-thulac insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Man-in-the-middle attack vulnerability in node-thulac

node-thulac is a Chinese participle tool. A security vulnerability exists in node-thulac, which originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary with an attacker-controlled binary to...

Man-in-the-Middle (MitM)

node-thulac is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10640

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network o...

Remote code execution

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network o...

CVE-2016-10640

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network o...

CVE-2016-10640

node-thulac, a Node binding for thulac, downloads binary resources over HTTP, making it vulnerable to MITM attacks. The available sources (NVD/NPM advisory/GHSA/OSV) describe potential remote code execution if an attacker on the network swaps the requested binary with a malicious one. Affected ve...

Downloads Resources over HTTP

Overview Affected versions of node-thulac insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...