PT-2018-4789 · Strider-CD · strider-sauce

Published

2018-05-29

·

Updated

2019-10-09

·

CVE-2016-10611

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

strider-sauce, all versions prior to the patched commit (5ff6d65; the fix shipped without a version bump)
Description

strider-sauce downloads a zipped binary resource over plain HTTP and performs no integrity check on what it receives. An attacker with a privileged network position (on the same network segment, or anywhere on the path between the Strider host and the download server) can intercept the response and substitute an archive of their choosing. Because the downloaded executable is then run, the substitution yields remote code execution on the system running strider-sauce. The MITM prerequisite is what the CVSS vector reflects as AC:M; no authentication is required and the impact is full compromise of confidentiality, integrity and availability.
Recommendations

Install the patched module directly from GitHub:

npm install github:Strider-CD/strider-sauce#5ff6d65

Because the fix was committed without a version bump, the version number reported by npm does not tell you whether the fix is present. Compare your installed copy against commit 5ff6d65 rather than relying on the version; if it already matches, you can disregard this advisory.

Fix

Patched in commit 5ff6d65 of Strider-CD/strider-sauce (no version bump was released).

Weakness Enumeration

Missing Encryption of Sensitive Data (CWE-311)

Related Identifiers

CVE-2016-10611
GHSA-8gf4-pcj6-54rp

Affected Products

Strider-Sauce