VYPR

Apk Parser2 Node Module

by Hackerone

CVEs (4)

  • CVE-2016-10632HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an…

  • CVE-2016-10574HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…

  • CVE-2016-10564HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.01

    apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary…

  • CVE-2017-16086HigJun 7, 2018
    risk 0.52cvss 7.5epss 0.09

    ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.