CVE-2016-10648

Name of the Vulnerable Software and Affected Versions marionette-socket-host (affected versions not specified)

Description The issue allows for potential man-in-the-middle (MITM) attacks due to the insecure download of binary resources over HTTP. This could lead to remote code execution (RCE) if an attacker intercepts and replaces the requested binary with a malicious one, particularly if the attacker has a privileged network position.

Recommendations Avoid using the marionette-socket-host package if possible, and consider using a different package instead. As a mitigation measure, reduce the risk of exploitation by not installing this package while connected to a public network. If the package is installed on a private network, minimize the risk by ensuring the network is secure and limiting access to trusted individuals. At the moment, there is no information about a newer version that contains a fix for this vulnerability.