imageoptim is vulnerable to man-in-the-middle (MitM) attack. It allows the download of executable resources HTTP, leading to MitM. Moreover, an attacker can also swap the authentic file with its malicious file to launch remote code execution (RCE) if the attacker is on the network or positioned in between the user and the remote server.
CPE | Name | Operator | Version |
---|---|---|---|
imageoptim | le | 0.5.0 |