Affected versions of healthcenter
insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running healthcenter
.
This package has been deprecated, and moved to a new package on npm: appmetrics
.
In order to mitigate this vulnerability, please install the appmetrics
package in place of healthcenter
via the following commands:
npm uninstall healthcenter -s
npm install appmetrics -s
CPE | Name | Operator | Version |
---|---|---|---|
healthcenter | ge | 0.0.0 |