CVE-2016-10685

Name of the Vulnerable Software and Affected Versions pk-app-wonderbox (affected versions not specified)

Description The issue allows for potential man-in-the-middle (MITM) attacks due to the insecure download of binary resources over HTTP. This could lead to remote code execution (RCE) if an attacker intercepts and replaces the requested resources with malicious ones, particularly if the attacker has a privileged network position.

Recommendations For all affected versions, consider avoiding the use of this package until a patch is available. As a temporary workaround, reduce the risk of exploitation by avoiding installation of this package while connected to a public network. If the package is installed on a private network, minimize the risk by ensuring the network is secure and limiting access to trusted individuals. At the moment, there is no information about a newer version that contains a fix for this vulnerability.