CVE-2016-10620

Name of the Vulnerable Software and Affected Versions atom-node-module-installer (affected versions not specified)

Description The issue concerns the insecure download of executable binaries over unencrypted HTTP connections, making it susceptible to man-in-the-middle (MITM) attacks. If an attacker is positioned between the user and the remote server or has a privileged network position, they can intercept the response and replace the executable with a malicious one. This could result in remote code execution (RCE) on the system running the affected software.

Recommendations To mitigate the risk, avoid using this package if possible, and consider using a different package instead. As a temporary workaround, ensure that this package is not installed while connected to a public network to reduce the risk of exploitation.