2 matches found
h5-test (>=0.1.1 <=0.2.0) potentially affected by CVE-2016-10560 via galenframework-cli (=1.6.4)
galenframework-cli NPM version =1.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on galenframework-cli and may be impacted: - h5-test =0.1.1, =0.2.0 Source cves: CVE-2016-10560 Source advisory: OSV:GHSA-X5PH-4FR4-G7FW...
CVE-2016-10560
Galenframework-cli (node wrapper) below 2.3.1 downloads binaries over HTTP, enabling MITM and possible remote code execution if an attacker intercepts the binary. Remediation: upgrade to 2.3.1 or later.