10 matches found
Downloads Resources over HTTP in strider-sauce
Affected versions of strider-sauce insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
strider (>=1.4.0 <=1.4.5) potentially affected by CVE-2016-10611 via strider-sauce (=0.6.2)
strider-sauce NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on strider-sauce and may be impacted: - strider =1.4.0, =1.4.5 Source cves: CVE-2016-10611 Source advisory: OSV:GHSA-8GF4-PCJ6-54RP...
GHSA-8GF4-PCJ6-54RP Downloads Resources over HTTP in strider-sauce
Affected versions of strider-sauce insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
strider-sauce code execution vulnerability
strider-sauce is a package for installing and deploying Strider. A security vulnerability exists in strider-sauce that originates when the program downloads compressed resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested zip file with a zi...
Man In The Middle (MitM)
strider-sauce is vulnerable to man-in-the-middleMitM attack. The vulnerability exists because it allows downloading of requested executable files via HTTP if the attacker's network position is between the remote server and client. It can subsequently open up a loophole for remote code execution...
CVE-2016-10611
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...
CVE-2016-10611
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...
Remote code execution
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...
CVE-2016-10611
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...
CVE-2016-10611
CVE-2016-10611 affects the strider-sauce package (Sauce Labs / Selenium support for Strider). The issue stems from downloading zipped resources over HTTP, enabling MITM manipulation; an attacker on the network could swap the requested zip with a malicious one to trigger remote code execution. Pub...