CVE-2016-10597

Name of the Vulnerable Software and Affected Versions cobalt-cli versions (affected versions not specified)

Description The issue allows for man-in-the-middle (MITM) attacks due to the insecure download of resources over HTTP. In a scenario where an attacker has a privileged network position, they can intercept the response and replace the executable with a malicious one, resulting in code execution on the system running cobalt-cli.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider avoiding the use of this package and use a different package if available. Alternatively, reduce the risk of exploitation by ensuring that this package is not installed while connected to a public network.