GMS-2020-719: Insecure Defaults Leads to Potential MITM in ezseed-transmission

September 1, 2020 (updated September 23, 2021)

Affected versions of ezseed-transmission download and run a script over an HTTP connection.

An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running ezseed-transmission.

Recommendation

Update to version 0.0.15 or later.

References

github.com/advisories/GHSA-p788-rj37-357w
nvd.nist.gov/vuln/detail/CVE-2016-1000224
snyk.io/vuln/npm:ezseed-transmission:20160729
www.npmjs.com/advisories/114

Code Behaviors & Features

Detect and mitigate GMS-2020-719 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →