Lucene search

CVE-2016-10563

🗓️ 31 May 2018 20:02:29Reported by hackeroneType

During installation, go-ipfs-deps module < 0.4.4 insecurely downloads resources over HTTP, potentially allowing MITM attacks & compromise integrity

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Prion	Design/Logic Flaw	31 May 201820:29	–	prion
OSV	Downloads Resources over HTTP in go-ipfs-dep	18 Feb 201923:54	–	osv
NVD	CVE-2016-10563	31 May 201820:29	–	nvd
Veracode	Man In The Middle (MitM)	19 Dec 201608:34	–	veracode
Node.js	Downloads Resources over HTTP	1 Nov 201603:55	–	nodejs
Github Security Blog	Downloads Resources over HTTP in go-ipfs-dep	18 Feb 201923:54	–	github
Cvelist	CVE-2016-10563	31 May 201820:00	–	cvelist

Nvd

Vulners

Node

ipfs go-ipfs-depRange<0.4.4node.js

[
  {
    "product": "go-ipfs-dep node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "<0.4.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/diasdavid/go-ipfs-dep/pull/12
nodesecurity	www.nodesecurity.io/advisories/156

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 May 2018 20:29Current

7.9High risk

Vulners AI Score7.9

CVSS26.8

CVSS38.1

EPSS0.00144