CVE-2016-10616: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 18, 2019 (updated September 16, 2021)

openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

References

github.com/advisories/GHSA-mgr2-3mpv-43gc
nodesecurity.io/advisories/218
nvd.nist.gov/vuln/detail/CVE-2016-10616
www.npmjs.com/advisories/218

Detect and mitigate CVE-2016-10616 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →