CWE-494
Download of Code Without Integrity Check
Description
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-184 · CAPEC-185 · CAPEC-186 · CAPEC-187 · CAPEC-533 · CAPEC-538 · CAPEC-657 · CAPEC-662 · CAPEC-691 · CAPEC-692 · CAPEC-693 · CAPEC-695
CVEs mapped to this weakness (62)
page 3 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12306 | Med | 0.29 | 4.4 | 0.00 | Nov 16, 2017 | A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit… | ||
| CVE-2017-13083 | Med | 0.28 | 5.3 | 0.01 | Oct 18, 2017 | Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | ||
| CVE-2026-20056 | — | Med | 0.26 | 4.0 | 0.00 | Feb 4, 2026 | A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. … | |
| CVE-2017-2739 | Low | 0.20 | 3.1 | 0.00 | Nov 22, 2017 | The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. | ||
| CVE-2024-42183 | Low | 0.16 | 2.5 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls. | ||
| CVE-2025-52937 | Low | 0.06 | — | 0.00 | Jun 23, 2025 | Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib… | ||
| CVE-2026-28500 | — | 0.00 | — | 0.00 | Mar 18, 2026 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is… | ||
| CVE-2025-69263 | 0.00 | — | 0.00 | Jan 7, 2026 | pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who… | |||
| CVE-2024-47867 | 0.00 | — | 0.00 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which… | |||
| CVE-2024-28850 | 0.00 | — | 0.00 | Mar 25, 2024 | WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no… | |||
| CVE-2023-45821 | 0.00 | — | 0.00 | Oct 19, 2023 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only… | |||
| CVE-2023-29401 | — | 0.00 | — | 0.00 | Jun 8, 2023 | The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a… | ||
| CVE-2023-27025 | 0.00 | — | 0.00 | Apr 2, 2023 | An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. | |||
| CVE-2022-45442 | 0.00 | — | 0.01 | Nov 28, 2022 | Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response… | |||
| CVE-2022-36359 | 0.00 | — | 0.01 | Aug 3, 2022 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from… | |||
| CVE-2020-2320 | 0.00 | — | 0.01 | Dec 3, 2020 | Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | |||
| CVE-2020-5398 | 0.00 | — | 0.88 | Jan 16, 2020 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute… | |||
| CVE-2019-16760 | — | 0.00 | — | 0.01 | Sep 30, 2019 | Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may… | ||
| CVE-2019-12728 | — | 0.00 | — | 0.01 | Jun 4, 2019 | Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. | ||
| CVE-2019-10248 | — | 0.00 | — | 0.00 | Apr 22, 2019 | Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected. |
- risk 0.29cvss 4.4epss 0.00
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit…
- risk 0.28cvss 5.3epss 0.01
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code
- risk 0.26cvss 4.0epss 0.00
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. …
- risk 0.20cvss 3.1epss 0.00
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.
- risk 0.16cvss 2.5epss 0.00
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.
- risk 0.06cvss —epss 0.00
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib…
- CVE-2026-28500Mar 18, 2026risk 0.00cvss —epss 0.00
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is…
- CVE-2025-69263Jan 7, 2026risk 0.00cvss —epss 0.00
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who…
- CVE-2024-47867Oct 10, 2024risk 0.00cvss —epss 0.00
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which…
- CVE-2024-28850Mar 25, 2024risk 0.00cvss —epss 0.00
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no…
- CVE-2023-45821Oct 19, 2023risk 0.00cvss —epss 0.00
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only…
- CVE-2023-29401Jun 8, 2023risk 0.00cvss —epss 0.00
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a…
- CVE-2023-27025Apr 2, 2023risk 0.00cvss —epss 0.00
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
- CVE-2022-45442Nov 28, 2022risk 0.00cvss —epss 0.01
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response…
- CVE-2022-36359Aug 3, 2022risk 0.00cvss —epss 0.01
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from…
- CVE-2020-2320Dec 3, 2020risk 0.00cvss —epss 0.01
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.
- CVE-2020-5398Jan 16, 2020risk 0.00cvss —epss 0.88
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute…
- CVE-2019-16760Sep 30, 2019risk 0.00cvss —epss 0.01
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may…
- CVE-2019-12728Jun 4, 2019risk 0.00cvss —epss 0.01
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
- CVE-2019-10248Apr 22, 2019risk 0.00cvss —epss 0.00
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.