CVE-2016-10603

Name of the Vulnerable Software and Affected Versions air-sdk versions (affected versions not specified)

Description The issue concerns the air-sdk, which is a NPM wrapper for the Adobe AIR SDK. It downloads binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the download and replaces the binary with a malicious one. The attacker would need to be on the network or positioned between the user and the remote server to exploit this.

Recommendations To mitigate the risk, avoid using the air-sdk package if possible, and consider using a different package instead. Alternatively, reduce the risk of exploitation by not installing this package while connected to a public network, as the vulnerability can only be exploited by those with privileged network access, such as individuals who have compromised your network or have access to your ISP.