CVE-2016-10633
CVE-2016-10633 affects dwebp-bin, a Node.js wrapper for dwebp that converts WebP to PNG. The vulnerability arises because it downloads binary resources over HTTP, enabling MITM tampering. An attacker on the network could swap the requested binary with a malicious one, potentially triggering remot...