CVE-2016-10693

Name of the Vulnerable Software and Affected Versions pm2-kafka versions (affected versions not specified)

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts and alters the downloaded resources. The vulnerability can be exploited by an attacker with a privileged network position, allowing them to replace the executable with a malicious one, resulting in code execution on the system running pm2-kafka.

Recommendations To mitigate the risk, avoid using the pm2-kafka package if possible, and consider using a different package instead. As a temporary measure, reduce the risk of exploitation by avoiding the installation of this package while connected to a public network. If the package is installed on a private network, ensure that network security is maintained to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.