headq-rtc (=1.0.0), kittyswarm (>=1.1.0 <=1.1.1) +1 more potentially affected by CVE-2016-10600 via webrtc-native (=1.4.0)

webrtc-native NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on webrtc-native and may be impacted: - headq-rtc =1.0.0 - kittyswarm =1.1.0, =1.1.1 - peeracle =0.0.3 Source cves: CVE-2016-10600 Source advisory: OSV:GHSA-7XVG-M3VX-2HHV...

GHSA-7XVG-M3VX-2HHV Downloads Resources over HTTP in webrtc-native

Affected versions of webrtc-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Downloads Resources over HTTP in webrtc-native

Affected versions of webrtc-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVE-2016-10600

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10600

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

Remote code execution

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10600

The CVE-2016-10600 entry concerns the webrtc-native component, which uses WebRTC from the Chromium project. The vulnerability arises because webrtc-native downloads binary resources over HTTP, enabling a man‑in‑the‑middle attacker to intercept or replace the binary and potentially achieve remote ...

CVE-2016-10600

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

Downloads Resources over HTTP

Overview Affected versions of webrtc-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...