Gfe Sass Project

gfe-sass_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Gfe Sass

gfe-sass

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-16040 1Gfe Sass Project 1Gfe Sass Nov 21, 2024 Jun 4, 2018 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...Show more gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2017-16040

1Gfe Sass Project

1Gfe Sass

Nov 21, 2024

Jun 4, 2018

N/A· v4

8.1 HIGH· v3

9.3 HIGH· v2

gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.Show less