9 matches found
GHSA-MGR2-3MPV-43GC Downloads Resources over HTTP in openframe-image
Affected versions of openframe-image insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
Downloads Resources over HTTP in openframe-image
Affected versions of openframe-image insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
openframe (>=0.1.6 <=0.1.33) potentially affected by CVE-2016-10616 via openframe-image (=0.1.8)
openframe-image NPM version =0.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on openframe-image and may be impacted: openframe =0.1.6, =0.1.33. Source CVEs: CVE-2016-10616. Source advisory: OSV:GHSA-MGR2-3MPV-43GC...
Man-in-the-Middle (MitM)
openframe-image is vulnerable to a man-in-the-middle (MitM) attack. This is possible because it does not prevent downloading of executables via HTTP if the attacker is on the network or positioned in between the user and the remote server. Consequently, it may potentially cause remote code execution...
CVE-2016-10616
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Design/Logic Flaw
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10616
The CVE-2016-10616 entry concerns openframe-image, an Openframe extension for images that downloads resources over HTTP. The root cause is insecure HTTP downloads, which enables MITM-style manipulation or interception of resources by an attacker with network access. Documented impacts range from ...
CVE-2016-10616
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Downloads Resources over HTTP
Overview: Affected versions of openframe-image insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends...