CVE-2016-10680

Опубликовано: 29 мая 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.

Ссылки

https://nodesecurity.io/advisories/283
Third Party Advisory
https://nodesecurity.io/advisories/283
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:adamvr-geoip-lite_project:adamvr-geoip-lite:*:*:*:*:*:node.js:*:*

Версия до 1.2.0 (включая)

EPSS

Процентиль: 37%

0.00163

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-311

CWE-310

Связанные уязвимости

GHSA-h2jv-5v3f-7m7j

github

больше 5 лет назад

Downloads Resources over HTTP in adamvr-geoip-lite