2 matches found
app-bundle-info (>=0.0.4 <=0.2.2), chromeos-apk (>=1.0.0 <=2.0.0) +1 more potentially affected by CVE-2016-10632 via apk-parser2 (=0.1.1)
apk-parser2 NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on apk-parser2 and may be impacted: - app-bundle-info =0.0.4, =1.0.0, =1.0.0, =1.1.0 Source cves: CVE-2016-10632 Source advisory: OSV:GHSA-HXHM-3VJ9-6CQH...
CVE-2016-10632
CVE-2016-10632 affects apk-parser2, which downloads binary resources over HTTP. In network positions where an attacker can intercept traffic, the executable could be swapped with a malicious one, potentially leading to remote code execution on the host running apk-parser2. There is no patch avail...