@dapp-stack/ipfs (>=0.1.0 <=0.5.0), @dapp-stack/scripts (>=0.1.0 <=0.3.0) +6 more potentially affected by CVE-2016-10563 via go-ipfs-dep (>=0.4.0-1 <=0.4.3-2)
go-ipfs-dep NPM version =0.4.0-1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.0, =0.4.0-hacky2, =0.9.0, =1.0.0, =1.6.0
Source CVEs: CVE-2016-10563
Source advisory: OSV:GHSA-G3XP-V2FF-X5C3...
CVE-2016-10563
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise...
CVE-2016-10563
CVE-2016-10563 concerns the go-ipfs-deps package, where versions before 0.4.4 download resources over HTTP. The root cause is insecure HTTP downloads that enable a MITM attacker to modify or read resources, compromising integrity and potentially enabling further impact, including remote code exec...