CVE-2016-10563

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
ipfsgo-ipfs-dep
𝑥
< 0.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/diasdavid/go-ipfs-dep/pull/12
https://nodesecurity.io/advisories/156
https://github.com/diasdavid/go-ipfs-dep/pull/12
https://nodesecurity.io/advisories/156