EUVD-2019-0246

Malware in sbrugna...

robot-js downloads Resources over HTTP

Affected versions of robot-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

GHSA-6V7P-J23V-4XMW robot-js downloads Resources over HTTP

Affected versions of robot-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

native-ui-toolkit (>=0.0.1 <=0.0.4), nodehotkey (>=1.0.5 <=2.0.15) +2 more potentially affected by CVE-2016-10608 via robot-js (=2.0.0)

robot-js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on robot-js and may be impacted: - native-ui-toolkit =0.0.1, =1.0.5, =1.1.0, =1.0.0, =1.0.3 Source cves: CVE-2016-10608 Source advisory: OSV:GHSA-6V7P-J23V-4XMW...

Man-in-the-Middle (MitM)

robot-js is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the netwo...

CVE-2016-10608

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

CVE-2016-10608

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

CVE-2016-10608

CVE-2016-10608 affects the robot-js module used for native system automation in Node.js. The vulnerability arises because robot-js downloads binary resources over HTTP, enabling a MITM attacker in a privileged network position to intercept the response and replace the binary with a malicious one,...

CVE-2016-10608

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...