CVE-2016-10629

Name of the Vulnerable Software and Affected Versions nw-with-arm (affected versions not specified)

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts and replaces the requested binary with a malicious one. The vulnerability can be exploited when an attacker has a privileged network position.

Recommendations To mitigate the issue, avoid using the nw-with-arm package if possible, and consider using a different package instead. As a temporary workaround, reduce the risk of exploitation by avoiding installation of the package while connected to a public network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.