CVE-2016-10665

Name of the Vulnerable Software and Affected Versions herbivore versions 0.0.3 and below

Description The issue concerns a packet sniffing and crafting library that insecurely downloads binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the download and replaces the resources with malicious ones. The vulnerability can be exploited if the attacker has a privileged network position, allowing them to intercept and modify the response.

Recommendations For versions 0.0.3 and below, update the package by installing it from github using the command: npm i samatt/herbivore