slimerjs-edge downloads Resources over HTTP

Description

Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection.

In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running slimerjs-edge.

Recommendation

No fix is available yet. Followings are affected versions:

• > 0

References

• GHSA-5rc6-2r3r-fv79
• www.npmjs.com
• CVE-2016-10644
• CWE-311
• CAPEC-310
• OWASP 2021-A4
• OWASP 2021-A6

Related Issues

• dalek-browser-ie downloads Resources over HTTP - CVE-2016-10605
• dalek-browser-ie-canary downloads Resources over HTTP - CVE-2016-10612
• Downloads Resources over HTTP in baryton-saxophone - CVE-2016-10573
• Downloads Resources over HTTP in dalek-browser-chrome-canary - CVE-2016-10584

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

slimerjs-edge