2 matches found
CVE-2016-10574
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10574
apk-parser3 before 0.1.3 downloads binary resources over HTTP, enabling MITM tampering and potential remote code execution if an attacker can swap the binary between the user and the server. Affected component: apk-parser3 (Android Manifest extraction feature). Impact per sources: code execution ...