GHSA-p788-rj37-357w

Опубликовано: 01 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 4.2

Описание

Insecure Defaults Leads to Potential MITM in ezseed-transmission

Affected versions of ezseed-transmission download and run a script over an HTTP connection.

An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running ezseed-transmission.

Recommendation

Update to version 0.0.15 or later.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2016-1000224
https://snyk.io/vuln/npm:ezseed-transmission:20160729
https://www.npmjs.com/advisories/114

Пакеты

Наименование

ezseed-transmission

npm

Затронутые версииВерсия исправления

>= 0.0.10, <= 0.0.14

0.0.15

4.2 Medium

CVSS3

CVE ID

CVE-2016-1000224

Дефекты

CWE-295

CWE-300

Связанные уязвимости

CVE-2016-1000224

debian

Описание отсутствует

4.2 Medium

CVSS3

CVE ID

CVE-2016-1000224

Дефекты

CWE-295

CWE-300