5 matches found
tpr (>=0.2.0 <=0.2.2) potentially affected by CVE-2016-10634 via scalajs-standalone-bin (=0.4.3)
scalajs-standalone-bin NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on scalajs-standalone-bin and may be impacted: - tpr =0.2.0, =0.2.2 Source cves: CVE-2016-10634 Source advisory: OSV:GHSA-CVX3-PQMJ-X57X...
scalajs-standalone-bin Downloads Resources over HTTP
Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
GHSA-CVX3-PQMJ-X57X scalajs-standalone-bin Downloads Resources over HTTP
Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
Man-in-the-Middle (MitM)
scalajs-standalone-bin is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...
Downloads Resources over HTTP
Overview Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...