CVE-2016-10649

Name of the Vulnerable Software and Affected Versions frames-compiler versions (affected versions not specified)

Description The issue allows for a man-in-the-middle (MITM) attack due to the insecure download of binary resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker intercepts and replaces the requested binary with a malicious one, particularly if the attacker has a privileged network position.

Recommendations For all affected versions, consider avoiding the use of this package until a patch is available. As a temporary workaround, restrict the installation of this package to private networks to minimize the risk of exploitation.