10 matches found
EUVD-2020-0867
Malware in sbrugna...
Downloads Resources over HTTP in pm2-kafka
Affected versions of pm2-kafka insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...
GHSA-7WW4-C3MJ-93CF
Downloads Resources over HTTP in pm2-kafka
Affected versions of pm2-kafka insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...
pm2-kafka code execution vulnerability
pm2-kafka is a PM2 module for installing and running a kafka server. A security vulnerability exists in pm2-kafka that originates when a program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing...
CVE-2016-10693
pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...
CVE-2016-10693
pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...
Remote code execution
pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...
CVE-2016-10693
pm2-kafka is a PM2 module that downloads binaries over HTTP, making it vulnerable to MITM. An attacker with a privileged network position can intercept and replace the requested binary, potentially achieving remote code execution on the host running pm2-kafka. Various sources (NVD, CVE records, G...
CVE-2016-10693
pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...
Man-in-the-Middle (MitM)
pm2-kafka is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution (RCE) vulnerability exploitable by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned in betwe...