CVE-2016-10622
CVE-2016-10622 concerns the NodeJS compatibility layer for Java (Rhino) called nodeschnaps . The vulnerability arises because it downloads binary resources over HTTP, exposing users to MITM attacks. The documented risk is that an attacker on the network could swap the requested binary with a mali...