CVE-2016-10604 in dalek-browser-chromeinformazioni

Riassunto

di MITRE

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

29/10/2017

Divulgazione

01/06/2018

Moderazione

accettato

Voce

VDB-118513

CPE

pronto

CWE

CWE-310 (confermato)

CVSS

8.1 (NVD)

EPSS

0.02104

KEV

Attività

molto basso

Settore

Finance, Insurance, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-10604
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-10604
CVE Details	https://www.cvedetails.com/cve/CVE-2016-10604/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!