CVE-2016-10595

Name of the Vulnerable Software and Affected Versions jdf-sass versions (affected versions not specified)

Description The issue arises from jdf-sass downloading executable resources over HTTP, making it susceptible to Man-In-The-Middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the request and swaps the file with a malicious one, particularly if the attacker has a privileged network position.

Recommendations For all affected versions, consider avoiding the use of this package and opt for a different package if available. As a mitigation measure, reduce the risk of exploitation by avoiding installation of this package while connected to a public network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.