Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-5g4r-87v2-jqvx

GitHub Security Advisory

Downloads Resources over HTTP in apk-parser

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

apk-parser is a tool to extract Android Manifest info from an APK file.

apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

## Recommendation

Update to version 0.1.6 or later.

Affected Packages

npm apk-parser
Affected versions: 0 (fixed in 0.1.6)

Related CVEs

CVE-2016-10564

Key Information

GHSA ID
GHSA-5g4r-87v2-jqvx
Published
September 1, 2020 4:05 PM
Last Modified
August 31, 2020 6:14 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
apk-parser
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.