CVE-2016-10581

Name of the Vulnerable Software and Affected Versions steroids versions (affected versions not specified)

Description The issue allows for a man-in-the-middle (MITM) attack due to the insecure download of resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker intercepts and replaces the downloaded tarball with a malicious one. The vulnerability can be exploited if the attacker has a privileged network position, enabling them to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running steroids.

Recommendations As a temporary workaround, consider using an alternative module that is actively maintained and provides similar functionality, such as the native PhoneGap API, to mitigate this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.