Medium severityGHSA Advisory· Published Sep 1, 2020· Updated Sep 23, 2021

Insecure Defaults Leads to Potential MITM in ezseed-transmission

CVE-2016-1000224

Description

Affected versions of ezseed-transmission download and run a script over an HTTP connection.

An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running ezseed-transmission.

Recommendation

Update to version 0.0.15 or later.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
ezseed-transmissionnpm	>= 0.0.10, < 0.0.15	0.0.15

Affected products

Npm/Ezseed TransmissionGHSA
Range: >= 0.0.10, <= 0.0.14
Package: https://npmjs.com/package/ezseed-transmission

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-p788-rj37-357wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2016-1000224ghsaADVISORY
snyk.io/vuln/npm:ezseed-transmission:20160729ghsaWEB
www.npmjs.com/advisories/114ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000