CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-10697

HIGH
8.1
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile26.38th
Published2018年6月4日
Last Modified2024年11月21日

Vulnerability Description

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Affected Platforms (CPE)

📦
React Native Baidu Voice Synthesizer Project

React Native Baidu Voice Synthesizer

= 1.0.0

References & Advisories

🔗 https://nodesecurity.io/advisories/302
🔗 https://nodesecurity.io/advisories/302

相關漏洞威脅

CVE-2016-045210.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...

CVE-2016-048310.0

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attack...

CVE-2016-045110.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...

CVE-2016-049410.0

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embed...