CVE-2016-10679

Name of the Vulnerable Software and Affected Versions selenium-standalone-painful (affected versions not specified)

Description The issue allows for a man-in-the-middle (MITM) attack due to the download of binary resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker intercepts the request and provides a malicious executable instead. The vulnerability can be exploited when an attacker has a privileged network position, allowing them to replace the downloaded executable with a malicious one, resulting in code execution on the system running the affected software.

Recommendations For all affected versions, consider avoiding the use of this package until a secure version is available. As a temporary workaround, avoid installing this package while connected to a public network to reduce the risk of exploitation. If the package must be installed, ensure it is done on a private network to minimize the risk of exploitation by unauthorized parties. At the moment, there is no information about a newer version that contains a fix for this vulnerability.