Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-10614 Vulnerability in npm package httpsync

Description

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Remediation

References

https://nodesecurity.io/advisories/210

Related Vulnerabilities

CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport

CVE-2016-10547 Vulnerability in npm package nunjucks

CVE-2016-9606 Vulnerability in maven package org.jboss.resteasy:resteasy-yaml-provider

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina-ant

CVE-2022-41248 Vulnerability in maven package org.jenkins-ci.plugins:bigpanda-jenkins

Severity

Critical

Classification

CWE-311 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory