8 matches found
mollusc (>=1.0.0 <=1.1.0), schlug (=1.0.0) potentially affected by CVE-2016-10610 via unicode-json (=1.0.3)
unicode-json NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on unicode-json and may be impacted: mollusc =1.0.0, =1.1.0; schlug =1.0.0. Source CVEs: CVE-2016-10610. Source advisory: OSV:GHSA-HW4R-XR38-HM8J...
Downloads Resources over HTTP in unicode-json
Affected versions of unicode-json insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
GHSA-HW4R-XR38-HM8J Downloads Resources over HTTP in unicode-json
Affected versions of unicode-json insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
Man-in-the-Middle (MitM)
unicode-json is vulnerable to man-in-the-middle (MitM) attacks via downloading resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and...
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Code injection
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Downloads Resources over HTTP
Overview: Affected versions of unicode-json insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...