1 results (0.001 seconds)
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10639
https://notcve.org/view.php?id=CVE-2016-10639
04 Jun 2018 — redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. redis-srvr es un wrapper de npm para redis-server. redis-srvr descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. Podría ser po... • https://nodesecurity.io/advisories/238 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •