GHSA-R36X-P5PV-9MFX prebuild-lwip downloads Resources over HTTP

Affected versions of prebuild-lwip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

prebuild-lwip Remote Code Execution Vulnerability

prebuild-lwip is a lightweight image processor based on NodeJS. A security vulnerability exists in prebuild-lwip that originates when the program downloads binary resources over the HTTP protocol. An attacker can use this vulnerability to modify or read the downloaded resources and potentially...

Man-in-the-Middle(MitM)

prebuild-lwip is susceptible to man-in-the-middle MitM attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the...

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10652

CVE-2016-10652 affects the NodeJS module prebuild-lwip , which insecurely downloads resources over HTTP. The underlying issue permits a network-position attacker to perform a MITM attack by modifying or reading downloaded resources, with potential consequences ranging from information disclosure ...