Skip to content

Security Fix for Resources Downloaded over Insecure Protocol - huntr.dev #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Security Fix for Resources Downloaded over Insecure Protocol - huntr.dev #7

wants to merge 2 commits into from

Conversation

huntr-helper
Copy link

https://huntr.dev/users/Mik317 has fixed the Resources Downloaded over Insecure Protocol vulnerability 🔨. Mik317 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/openframe-image/1/README.md

User Comments:

Bounty URL: https://www.huntr.dev/bounties/1-npm-openframe-image

⚙️ Description *

The openframe-image module was vulnerable against MITM and similar attacks since some resources were downloaded using a HTTP connection

💻 Technical Description *

I just changed the http links to https (certificates are OK on github.com 👍 )

🐛 Proof of Concept (PoC) *

Not needed

🔥 Proof of Fix (PoF) *

Using wireshark you're no more able to see the content of the downloaded files

👍 User Acceptance Testing (UAT)

All ok 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@huntr-helper @Mik317 @JamieSlome