LAYER: meta
PACKAGE NAME: cmake
PACKAGE VERSION: 3.28.3
CVE: CVE-2016-10642
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded
CVE SUMMARY: cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10642