Advisories for Npm/Ezseed-Transmission package

Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running ezseed-transmission. Recommendation Update to version 0.0.15 or later.

ezseed-transmission downloads a script from http://stedolan.github.io/jq/download/linux64/jq without checking the certificate. An attacker on the same network or on an ISP level could intercept the traffic and push their own version of the file, causing the attackers code to be executed.