GHSA-G2PF-QJGF-6FW3 Downloads Resources over HTTP in openframe-glslviewer

Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

Downloads Resources over HTTP in openframe-glslviewer

Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

openframe (>=0.1.6 <=0.1.33) potentially affected by CVE-2016-10607 via openframe-glslviewer (=0.1.9)

openframe-glslviewer NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on openframe-glslviewer and may be impacted: - openframe =0.1.6, =0.1.33 Source cves: CVE-2016-10607 Source advisory: OSV:GHSA-G2PF-QJGF-6FW3...

Downloads Resources over HTTP

Overview Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...