3 matches found
@2fd/graphdoc (>=2.3.0 <=2.4.0), @alizain/coconut (>=0.2.3 <=0.2.4) +882 more potentially affected by CVE-2016-10578 via unicode (>=0.6.1 <=14.0.0)
unicode NPM version =0.6.1, =2.3.0, =0.2.3, =0.1.2, =0.0.1, =0.0.6, =0.2.0, =0.1.0, =5.8.0, =5.0.0, =1.0.0, =0.0.1, =2.4.0, =1.0.0, =0.1.0-latest.1a450bb3, =1.0.0, =1.1.2 and more Source cves: CVE-2016-10578 Source advisory: OSV:GHSA-QJF4-7642-C57P...
CVE-2016-10578
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10578
CVE-2016-10578 concerns the unicode package used with Node.js. It states that unicode loads data from unicode.org and, prior to version 9.0.0, downloads binary resources over HTTP, enabling a network attacker to modify or read resources (MitM). According to connected advisories, this can lead to ...