2 matches found
libsbmlsim (>=0.0.1 <=0.0.2), wa-bisnis-bot (=1.0.0) potentially affected by CVE-2016-10642 via cmake (>=0.0.1 <=0.0.4)
cmake NPM version =0.0.1, =0.0.1, =0.0.2 - wa-bisnis-bot =1.0.0. Source CVEs: CVE-2016-10642. Source advisory: OSV:GHSA-4J59-HFW6-6W7H...
CVE-2016-10642
The CVE-2016-10642 entry corresponds to cmake downloading binary resources over HTTP, enabling MITM and potential remote code execution if an attacker is on the network. Connected sources (GHSA-4J59-HFW6-6W7H and OSV) confirm that affected cmake versions insecurely fetch executables via unencrypt...