CVE-2016-10690

Name of the Vulnerable Software and Affected Versions openframe-ascii-image (affected versions not specified)

Description The openframe-ascii-image module is vulnerable to man-in-the-middle (MITM) attacks due to downloading resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker intercepts the response and replaces the requested resources with a malicious copy. The vulnerability can be exploited by an attacker with a privileged network position, allowing them to intercept and modify the executable downloaded by openframe-ascii-image, resulting in code execution on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a mitigation measure, consider avoiding the use of this package and use a different package if available. Alternatively, reduce the risk of exploitation by ensuring that this package is not installed while connected to a public network.