EUVD-2018-0372

Malware in sbrugna...

GHSA-5RC6-2R3R-FV79 slimerjs-edge downloads Resources over HTTP

Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

slimerjs-edge downloads Resources over HTTP

Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

webshotgun (>=0.0.2 <=1.0.1) potentially affected by CVE-2016-10644 via slimerjs-edge (=0.10.0-pre-3)

slimerjs-edge NPM version =0.10.0-pre-3 is affected by a known vulnerability. The following packages have a transitive dependency on slimerjs-edge and may be impacted: - webshotgun =0.0.2, =1.0.1 Source cves: CVE-2016-10644 Source advisory: OSV:GHSA-5RC6-2R3R-FV79...

Slimerjs-edge Remote Code Execution Vulnerability

slimerjs-edge is a scriptable browser for web development and testing. A security vulnerability exists in slimerjs-edge that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...

Man-In-The-Middle (MitM)

slimerjs-edge is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10644

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...

Remote code execution

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...

CVE-2016-10644

CVE-2016-10644 relates to the npm wrapper slimerjs-edge , which downloads binary resources over HTTP. The core vulnerability is a MITM risk: an attacker on the network could intercept the HTTP response and substitute the requested binary with a malicious one, potentially enabling remote code exec...