CVE-2016-10580
Summary: nodewebkit downloads zipped resources over HTTP, which enables MITM modification of the downloaded payload to execute arbitrary code on the host. In exposed network positions, an attacker can intercept and swap the zip file, leading to potential RCE on systems running nodewebkit. Public ...