github.com/cloudfoundry/cf-deployment is vulnerable to man-in-the-middle attacks. Dependencies are downloaded via an unencrypted HTTP channel, allowing man-in-the-middle attackers to modify contents of the dependencies that are downloaded by the application, potentially causing arbitrary code execution.