PT-2018-4827 · Unknown · Frames-Compiler

Published

2018-06-04

Updated

2020-09-01

CVE-2016-10649

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions frames-compiler versions (affected versions not specified)

Description The issue allows for a man-in-the-middle (MITM) attack due to the insecure download of binary resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker intercepts and replaces the requested binary with a malicious one, particularly if the attacker has a privileged network position.

Recommendations For all affected versions, consider avoiding the use of this package until a patch is available. As a temporary workaround, restrict the installation of this package to private networks to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-310

Related Identifiers

CVE-2016-10649

GHSA-9CHW-XRWX-F86J

Affected Products

Frames-Compiler

PT-2018-4827 · Unknown · Frames-Compiler

CVE-2016-10649

Weakness Enumeration

Related Identifiers

Affected Products

References · 4