CVE-2016-10627

Name of the Vulnerable Software and Affected Versions scala-bin versions (affected versions not specified)

Description The issue is related to scala-bin downloading binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the request and replaces the binary with a malicious one. The attack is feasible if the attacker has a privileged network position.

Recommendations For all affected versions, consider avoiding the use of scala-bin until a secure version is available. As a mitigation measure, avoid installing scala-bin while connected to a public network to reduce the risk of exploitation. If scala-bin must be installed, ensure it is done on a private network, minimizing the exposure to potential attackers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.