headq-rtc (=1.0.0), kittyswarm (>=1.1.0 <=1.1.1) +1 more potentially affected by CVE-2016-10600 via webrtc-native (=1.4.0)

webrtc-native NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on webrtc-native and may be impacted: - headq-rtc =1.0.0 - kittyswarm =1.1.0, =1.1.1 - peeracle =0.0.3 Source cves: CVE-2016-10600 Source advisory: OSV:GHSA-7XVG-M3VX-2HHV...

CVE-2016-10600

The CVE-2016-10600 entry concerns the webrtc-native component, which uses WebRTC from the Chromium project. The vulnerability arises because webrtc-native downloads binary resources over HTTP, enabling a man‑in‑the‑middle attacker to intercept or replace the binary and potentially achieve remote ...