EUVD-2018-0175

Malware in sbrugna...

@architect/data (=1.0.0), @architect/workflows (>=1.0.11 <=2.8.2) +23 more potentially affected by CVE-2018-1000096 via tiny-json-http (>=1.0.3 <=6.2.0)

tiny-json-http NPM version =1.0.3, =1.0.11, =3.0.0, =0.0.1, =1.1.5, =0.0.1, =3.0.0-beta.1, =0.17.717, =0.4.1-alpha.1, =0.4.1, =1.0.0-alpha.2 and more Source cves: CVE-2018-1000096 Source advisory: OSV:GHSA-7H42-5VJ2-CQ39...

tiny-json-http missing SSL certificate validation

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 Oct 29 2016 contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks...

GHSA-7H42-5VJ2-CQ39 tiny-json-http missing SSL certificate validation

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 Oct 29 2016 contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks...

CVE-2018-1000096

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 Oct 29 2016 contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks...

CVE-2018-1000096

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 Oct 29 2016 contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks...

CVE-2018-1000096

CVE-2018-1000096 affects the tiny-json-http library (all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8). The root cause is Missing SSL certificate validation in the library’s core functionality, which can expose users to man-in-the-middle (MITM) attacks. The connected documents c...

CVE-2018-1000096

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 Oct 29 2016 contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks...