Description
Affected versions of phantomjs-cheniu insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running phantomjs-cheniu.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.0.1
References
Related Issues
- Command Injection in lodash (GHSA-35jh-r3h4-6jhm) - CVE-2021-23337
- Bootstrap Cross-Site Scripting (XSS) vulnerability - CVE-2024-6531
- Regular Expression Denial of Service in jsoneditor - CVE-2021-3822
- @intlify/shared Prototype Pollution vulnerability - CVE-2024-52810
- Tags:
- npm
- phantomjs-cheniu
Anything's wrong? Let us know Last updated on January 09, 2023