EUVD-2019-0278

Malware in sbrugna...

scalajs-standalone-bin (>=0.1.0 <=0.4.3), tpr (>=0.2.0 <=0.2.2) potentially affected by CVE-2016-10627 via scala-bin (>=0.2.1 <=0.3.3)

scala-bin NPM version =0.2.1, =0.1.0, =0.2.0, =0.2.2 Source cves: CVE-2016-10627 Source advisory: OSV:GHSA-3VV5-42WR-M32G...

tpr (>=0.2.0 <=0.2.2) potentially affected by CVE-2016-10634 via scalajs-standalone-bin (=0.4.3)

scalajs-standalone-bin NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on scalajs-standalone-bin and may be impacted: - tpr =0.2.0, =0.2.2 Source cves: CVE-2016-10634 Source advisory: OSV:GHSA-CVX3-PQMJ-X57X...

scalajs-standalone-bin Downloads Resources over HTTP

Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

GHSA-CVX3-PQMJ-X57X scalajs-standalone-bin Downloads Resources over HTTP

Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

Man-in-the-Middle (MitM)

scalajs-standalone-bin is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

CVE-2016-10634

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

Remote code execution

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

CVE-2016-10634

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

Downloads Resources over HTTP

Overview Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...