Description
Affected versions of dalek-browser-ie-canary insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running dalek-browser-ie-canary.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.0.4-2014-04-04-12-11-49
References
Related Issues
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 4 - CVE-2019-10744
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 2 - CVE-2019-10744
- Passbolt Browser Extension leaks password information - CVE-2024-33669
- JSONata expression can pollute the "Object" prototype - CVE-2024-27307
- Tags:
- npm
- dalek-browser-ie-canary
Anything's wrong? Let us know Last updated on September 11, 2023