Lucene search
Veracode Vulnerability DatabaseVERACODE:6417HistoryMay 30, 2018 - 2:41 a.m.
Man-in-the-Middle (MitM)
2018-05-3002:41:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
54.6%
roslib-socketio are vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| roslib-socketio | eq | 0.11.0 | |
| roslibjs | le | 0.18.0 |
References
Related
github
github
Downloads Resources over HTTP in roslib-socketio
2020-09-01 16:13:18
cve
cve
CVE-2016-10681
2018-05-29 20:29:02
cvelist
cvelist
CVE-2016-10681
2018-04-26 00:00:00
nvd
nvd
CVE-2016-10681
2018-05-29 20:29:02
osv
osv
CVE-2016-10681
2018-05-29 20:29:00
Downloads Resources over HTTP in roslib-socketio
2020-09-01 16:13:18
nodejs
nodejs
Downloads Resources over HTTP
2016-12-02 04:51:20
prion
prion
Remote code execution
2018-05-29 20:29:00