CVE-2016-10657

CVE-2016-10657 concerns the co-cli-installer, which downloads the co-cli module over HTTP. The underlying issue is unencrypted HTTP delivery of a binary/executable, enabling a man-in-the-middle attack where an attacker on the network could swap the downloaded resource, potentially leading to remo...