Homepage
About Snyk

ezseed-transmission@0.0.12 vulnerabilities

Ezseed transmission shell bindings

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ezseed-transmission package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insecure Defaults Allow MitM

ezseed-transmission is a module that provides shell bindings for Ezseed transmission.

Between versions 0.0.10 and 0.0.14 (inclusive), ezseed-transmission would download a script from http://stedolan.github.io/jq/download/linux64/jq without checking the certificate. An attacker on the same network or on an ISP level could intercept the traffic and push their own version of the file, causing the attackers code to be executed.

Source: Node Security Project

How to fix Insecure Defaults Allow MitM?

Upgrade to at least version 0.0.15

>=0.0.10 <0.0.15
Go back to all versions of this package