CVE-2016-10638

Name of the Vulnerable Software and Affected Versions js-given versions prior to 0.0.18

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. If an attacker is positioned on the network or between the user and the remote server, they may swap the requested binary with a malicious one, potentially leading to remote code execution (RCE) on the system running js-given.

Recommendations Update to version 0.0.18 or later.