VYPR

Node Opensl Node Module

by Hackerone

CVEs (5)

  • CVE-2016-10658HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy…

  • CVE-2017-16187HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16067HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16066HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16063HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.