Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2019/02/18 11:47 p.m.4 views

tpr (>=0.2.0 <=0.2.2) potentially affected by CVE-2016-10634 via scalajs-standalone-bin (=0.4.3)

scalajs-standalone-bin NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on scalajs-standalone-bin and may be impacted: - tpr =0.2.0, =0.2.2 Source cves: CVE-2016-10634 Source advisory: OSV:GHSA-CVX3-PQMJ-X57X...

9.3CVSS7.2AI score0.01752EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2019/02/18 11:47 p.m.25 views

scalajs-standalone-bin Downloads Resources over HTTP

Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/02/18 11:47 p.m.1 views

GHSA-CVX3-PQMJ-X57X scalajs-standalone-bin Downloads Resources over HTTP

Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

9.3CVSS6.3AI score0.01752EPSS
Exploits0References3
Veracode
Veracode
added 2018/06/04 10:12 a.m.16 views

Man-in-the-Middle (MitM)

scalajs-standalone-bin is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

8.1CVSS8.3AI score0.01752EPSS
Exploits0References1Affected Software1
Node.js
Node.js
added 2016/12/01 5:15 p.m.28 views

Downloads Resources over HTTP

Overview Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3CVSS6.2AI score0.01752EPSS
Exploits0Affected Software1
Rows per page
Query Builder