Node Opensl Node Module
by Hackerone
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10658 | | High | 0.53 | 8.1 | 0.02 | | May 29, 2018 | native-opencv is the OpenCV library installed via npm. native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy… |
| CVE-2017-16187 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. |
| CVE-2017-16067 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16066 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16063 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |