2 matches found
CVE-2016-10566
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10566
The CVE-2016-10566 entry concerns install-nw, a tool for installing NW.js. Versions before 1.1.5 download binary resources over HTTP, enabling MITM interference. An attacker on the network could swap the requested binary with a malicious one, potentially causing remote code execution on the user’...