9 matches found

vulnersOsv
added 2019/02/18 11:57 p.m. | 0 views

scalajs-standalone-bin (>=0.1.0 <=0.4.3), tpr (>=0.2.0 <=0.2.2) potentially affected by CVE-2016-10627 via scala-bin (>=0.2.1 <=0.3.3)

scala-bin NPM version =0.2.1, =0.1.0, =0.2.0, =0.2.2 Source cves: CVE-2016-10627 Source advisory: OSV:GHSA-3VV5-42WR-M32G...

CVSS 9.3 | AI score 7.2 | EPSS 0.00735
Exploits: 0
Github Security Blog
added 2019/02/18 11:57 p.m. | 16 views

Downloads Resources over HTTP in scala-bin

Affected versions of scala-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

CVSS 9.3 | AI score 6.4 | EPSS 0.00735
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2019/02/18 11:57 p.m. | 0 views

GHSA-3VV5-42WR-M32G Downloads Resources over HTTP in scala-bin

Affected versions of scala-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

CVSS 9.3 | AI score 7.5 | EPSS 0.00735
Exploits: 0 | References: 3
CNVD
added 2018/05/31 12:0 a.m. | 1 views

scala-bin file download vulnerability

scala-bin is a package installer for the Scala language. A security vulnerability exists in scala-bin that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary with a binary under their...

CVSS 9.3 | AI score 8.1 | EPSS 0.00735
Exploits: 0 | References: 1
Veracode
added 2018/05/30 7:34 a.m. | 13 views

Man-in-the-Middle (MitM)

scala-bin is vulnerable to man-in-the-middle (MitM) attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the...

CVSS 8.1 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/05/29 8:29 p.m. | 18 views

CVE-2016-10627

scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

CVSS 9.3 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1
OSV
added 2018/05/29 8:29 p.m. | 10 views

CVE-2016-10627

scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

CVSS 8.1 | AI score 8.6
Exploits: 0 | References: 1
CVE
added 2018/05/29 8:0 p.m. | 50 views

CVE-2016-10627

The CVE-2016-10627 case involves scala-bin, a binary wrapper for Scala that downloads binaries over HTTP. The documented vulnerability is a MITM risk: an attacker on the network path could intercept the HTTP response and substitute a malicious binary, potentially enabling remote code execution on...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/05/29 8:0 p.m. | 10 views

CVE-2016-10627

scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1