galenframework-cli is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, allowing a malicious user to swap out the requested binary with another binary for the system to execute.
CPE | Name | Operator | Version |
---|---|---|---|
galenframework-cli | le | 2.3.0 | |
galenframework-cli | le | 2.0.7 |