CVE-2016-10563

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.

Ссылки

https://github.com/diasdavid/go-ipfs-dep/pull/12
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/156
Third Party Advisory
https://github.com/diasdavid/go-ipfs-dep/pull/12
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/156
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ipfs:go-ipfs-dep:*:*:*:*:*:node.js:*:*

Версия до 0.4.4 (исключая)

EPSS

Процентиль: 34%

0.00137

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-311

CWE-310

Связанные уязвимости

GHSA-g3xp-v2ff-x5c3

github

почти 7 лет назад

Downloads Resources over HTTP in go-ipfs-dep