npm

Severity: moderate

Insecure Defaults Leads to Potential MITM

ezseed-transmission

Overview

Affected versions of ezseed-transmission download and run a script over an HTTP connection.

An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running ezseed-transmission.

Remediation

Update to version 0.0.15 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 29th, 2016
  2. reported

    Initial report by Adam Baldwin
    May 5th, 2016