CVE-2016-10671

Name of the Vulnerable Software and Affected Versions mystem-wrapper versions (affected versions not specified)

Description The issue concerns the mystem-wrapper module, which downloads binary resources over HTTP. This makes it susceptible to man-in-the-middle (MITM) attacks, potentially allowing for remote code execution (RCE) if an attacker intercepts and alters the downloaded resources. In scenarios where an attacker has a privileged network position, they can replace the executable with a malicious one, resulting in code execution on the system running mystem-wrapper.

Recommendations To mitigate the issue, avoid using this package if possible, and consider using a different package instead. As a temporary workaround, ensure that this package is not installed while connected to a public network to reduce the risk of exploitation.