Downloads Resources over HTTP in strider-sauce

Description

Affected versions of strider-sauce insecurely download an executable over an unencrypted HTTP connection.

In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running strider-sauce.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.6.2

References

• GHSA-8gf4-pcj6-54rp
• www.npmjs.com
• CVE-2016-10611
• CWE-311
• CAPEC-310
• OWASP 2021-A4
• OWASP 2021-A6

Related Issues

• Downloads Resources over HTTP in webdrvr - CVE-2016-10601
• Downloads Resources over HTTP in limbus-buildgen - CVE-2016-10674
• Downloads Resources over HTTP in wasdk - CVE-2016-10587
• Downloads Resources over HTTP in product-monitor - CVE-2016-10567

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

strider-sauce