CVE-2016-10658
The CVE-2016-10658 entry concerns the native-opencv npm package, which downloads binary resources over HTTP. This insecure download path allows a network-positioned attacker to MITM and replace the requested binary with a malicious version, potentially leading to remote code execution on the host...