CVE-2016-10560

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-10560

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10560.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10560

Aliases

GHSA-x5ph-4fr4-g7fw

Published

2018-05-31T20:29:02.157Z

Modified

2026-04-10T03:47:30.852353Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

References

https://nodesecurity.io/advisories/170

Affected packages

Git / github.com/hypery2k/galenframework-cli

Affected ranges

Type

GIT

Repo

https://github.com/hypery2k/galenframework-cli

Events

Introduced

Fixed

11abe1ef450fc924b7081839a5665384f5640088

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.1"
        }
    ]
}

Affected versions

v1.*

v1.6.2

v1.6.3

v1.6.4

v2.*

v2.0.10

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10560.json"