product-monitor

Downloads Resources over HTTP

Severity: high

Overview

Affected versions of product-monitor insecurely download an executable over an unencrypted HTTP connection.

In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running product-monitor.
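Added example (not product-monitor's code and not its actual fix): the check a downloader needs before it writes or runs a fetched executable, rejecting any plaintext hop in the redirect chain and any body whose SHA-256 differs from a digest pinned in the package. The function name `vetDownload`, the `example.test` hosts and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example: vet a downloaded executable before it is written or run.
const crypto = require('node:crypto');

// urlChain: every URL visited, from the first request to the final redirect target.
// body: Buffer of downloaded bytes. pinnedSha256: hex digest shipped with the package.
function vetDownload({ urlChain, body, pinnedSha256 }) {
  const problems = [];
  if (!Array.isArray(urlChain) || urlChain.length === 0) {
    problems.push('no URL recorded for download');
  }
  for (const raw of urlChain || []) {
    let url;
    try {
      url = new URL(raw);
    } catch {
      problems.push(`unparseable URL: ${raw}`);
      continue;
    }
    // Any plaintext hop lets an on-path party substitute the response,
    // including a redirect that downgrades from https to http.
    if (url.protocol !== 'https:') {
      problems.push(`non-HTTPS hop: ${url.href}`);
    }
  }
  if (!/^[0-9a-f]{64}$/i.test(pinnedSha256 || '')) {
    problems.push('missing or malformed pinned SHA-256');
  } else {
    const actual = crypto.createHash('sha256').update(body).digest('hex');
    if (actual !== pinnedSha256.toLowerCase()) {
      problems.push(`digest mismatch: got ${actual}`);
    }
  }
  return problems; // an empty array means the file may be installed
}

// Constructed sample data (hypothetical host and payload, not from the advisory).
const goodBody = Buffer.from('constructed sample executable bytes');
const pinned = crypto.createHash('sha256').update(goodBody).digest('hex');
const tampered = Buffer.from('constructed replacement bytes');

console.log(vetDownload({
  urlChain: ['http://downloads.example.test/tool.zip'],
  body: tampered,
  pinnedSha256: pinned,
}));
```

The digest check is what still holds if the download host itself serves a replaced file; HTTPS alone only protects the bytes in transit.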

Remediation

Update to version 2.2.5 or later.

Vulnerable versions

1.0.0 (3 years ago)
1.0.1 (3 years ago)
1.0.2 (3 years ago)
1.0.3 (3 years ago)
1.0.4 (3 years ago)
1.0.5 (3 years ago)
1.0.6 (3 years ago)
1.1.0 (3 years ago)
1.1.1 (3 years ago)
1.1.2 (3 years ago)
1.1.3 (3 years ago)
1.1.4 (3 years ago)
1.2.0 (3 years ago)
1.3.0 (3 years ago)
1.3.1 (3 years ago)
1.4.0 (3 years ago)
1.4.1 (3 years ago)
1.4.2 (3 years ago)
1.5.0 (3 years ago)
1.5.1 (3 years ago)
1.6.0 (3 years ago)
1.6.1 (3 years ago)
1.6.2 (3 years ago)
1.6.3 (3 years ago)
1.6.4 (3 years ago)
1.6.5 (3 years ago)
1.6.6 (3 years ago)
1.6.7 (3 years ago)
1.6.8 (3 years ago)
1.6.9 (3 years ago)
1.7.0 (3 years ago)
1.7.1 (3 years ago)
1.7.2 (3 years ago)
1.8.0 (3 years ago)
1.8.1 (3 years ago)
1.8.2 (3 years ago)
1.8.3 (3 years ago)
1.8.4 (3 years ago)
1.8.5 (3 years ago)
1.8.6 (3 years ago)
1.8.7 (3 years ago)
1.8.8 (3 years ago)
1.8.9 (3 years ago)
1.8.10 (3 years ago)
1.8.11 (3 years ago)
1.8.12 (3 years ago)
1.8.13 (3 years ago)
1.8.14 (3 years ago)
1.8.15 (3 years ago)
1.8.16 (3 years ago)
1.8.17 (3 years ago)
1.8.18 (3 years ago)
1.8.19 (3 years ago)
1.8.20 (3 years ago)
1.8.21 (3 years ago)
1.8.22 (3 years ago)
1.8.23 (3 years ago)
1.8.24 (3 years ago)
1.8.25 (3 years ago)
1.8.26 (3 years ago)
1.8.27 (3 years ago)
1.8.28 (3 years ago)
1.8.29 (3 years ago)
1.8.30 (3 years ago)
1.8.31 (3 years ago)
1.8.32 (3 years ago)
1.8.33 (3 years ago)
1.8.34 (3 years ago)
1.8.35 (3 years ago)
1.8.36 (3 years ago)
1.9.0 (3 years ago)
1.9.1 (3 years ago)
2.0.0 (3 years ago)
2.0.1 (3 years ago)
2.0.2 (3 years ago)
2.0.3 (3 years ago)
2.0.4 (3 years ago)
2.0.5 (3 years ago)
2.1.0 (3 years ago)
2.1.1 (3 years ago)
2.1.2 (3 years ago)
2.2.0 (3 years ago)
2.2.1 (3 years ago)
2.2.2 (2 years ago)
2.2.3 (2 years ago)
2.2.4 (2 years ago)

Unaffected versions

1.6.5-a (3 years ago)
1.6.5-b (3 years ago)
1.6.5-c (3 years ago)
1.6.5-d (3 years ago)
2.2.5 (2 years ago)
2.2.6 (2 years ago)
2.2.7 (10 months ago)
2.3.0 (10 months ago)
2.3.1 (10 months ago)
2.3.2 (7 months ago)
2.3.3 (7 months ago)

Advisory timeline

  1. published: Advisory published, Dec 16th, 2016
  2. reported: Nov 30th, 2016