VYPR

npm package

cue-sdk-node

pkg:npm/cue-sdk-node

Vulnerabilities (1)

  • CVE-2016-10590HigMay 29, 2018
    affected <= 1.2.1

    cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip fil