Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2016-10571

🗓️ 31 May 2018 20:02:29Reported by hackeroneType 
cve
 cve🔗 web.nvd.nist.gov👁 45 Views

bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, leaving it vulnerable to MITM attacks and possible remote code execution (RCE)

Show more
Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
Github Security Blog		Downloads Resources over HTTP in bkjs-wand
18 Feb 201923:52
github
OSV		Downloads Resources over HTTP in bkjs-wand
18 Feb 201923:52
osv
NVD		CVE-2016-10571
31 May 201820:29
nvd
Node.js		Downloads Resources over HTTP
1 Dec 201616:02
nodejs
Cvelist		CVE-2016-10571
31 May 201820:00
cvelist
Prion		Remote code execution
31 May 201820:29
prion
Veracode		Man In The Middle (MitM)
20 Dec 201605:08
veracode
Nvd
Vulners
Node
bkjs-wand_projectbkjs-wandRange<0.3.2node.js
[
  {
    "product": "bkjs-wand node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "<0.3.2"
      }
    ]
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
31 May 2018 20:29Current
8.3High risk
Vulners AI Score8.3
CVSS29.3
CVSS38.1
EPSS0.00606
CWE-310CWE-311
bkjs-wandimagemagicknode.jsbackendjscve-2016-10571vulnerabilitymitmrcebinary resources
45
.json
Report