CVE-2016-1000224 — Insecure Defaults Leads to Potential MITM in ezseed-transmission

Description

Affected versions of `ezseed-transmission` download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running `ezseed-transmission`. ## Recommendation Update to version 0.0.15 or later.

How to fix CVE-2016-1000224

To remediate CVE-2016-1000224, upgrade the affected package to a fixed version below.

—upgrade to 0.0.15 or later

Is CVE-2016-1000224 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000224.

Affected packages (1)

>= 0.0.10, < 0.0.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.2	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References (3)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000224
WEBsnyk.io/vuln/npm:ezseed-transmission:20160729
WEBwww.npmjs.com/advisories/114