CVE-2016-10596

Name of the Vulnerable Software and Affected Versions imageoptim (affected versions not specified)

Description The issue concerns a Node.js wrapper for image compression algorithms. It downloads zipped resources over HTTP, making it susceptible to Man-in-the-Middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the connection and swaps the requested tarball with a malicious one.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.