Lucene search
PRIOn knowledge basePRION:CVE-2016-3956HistoryJul 02, 2016 - 2:59 p.m.
Authorization
2016-07-0214:59:00
PRIOn knowledge base
www.prio-n.com
2
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
References
blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
www-01.ibm.com/support/docview.wss?uid=swg21980827
github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
github.com/npm/npm/issues/8380
nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
Related
ubuntu
ubuntu
npm vulnerability
2021-03-15 00:00:00
ibm
ibm
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM : npm vulnerability (USN-4785-1)
2023-10-16 00:00:00
cvelist
cvelist
CVE-2016-3956
2016-07-02 14:00:00
nodejs
nodejs
npm Token Leak
2016-04-01 16:57:21
osv
osv
npm Token Leak in npm
2018-07-31 22:58:35
npm vulnerability
2021-03-15 21:03:23
nvd
nvd
CVE-2016-3956
2016-07-02 14:59:19
CVE-2016-1000014
2016-10-06 14:59:17
github
github
npm Token Leak in npm
2018-07-31 22:58:35
debiancve
debiancve
CVE-2016-3956
2016-07-02 14:59:19
openvas
openvas
Ubuntu: Security Advisory (USN-4785-1)
2023-01-27 00:00:00
cve
cve
CVE-2016-3956
2016-07-02 14:59:19
CVE-2016-1000014
2016-10-06 14:59:17
ubuntucve
ubuntucve
CVE-2016-3956
2016-07-02 00:00:00
prion
prion
Design/Logic Flaw
2016-10-06 14:59:00