Resources Downloaded over Insecure Protocol Affecting igniteui package, versions <=0.0.5
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
0.17% (54th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID npm:igniteui:20160804
- published 31 Oct 2016
- disclosed 31 Oct 2016
- credit Adam Baldwin
Introduced: 31 Oct 2016
CVE-2016-10552 Open this link in a new tabOverview
This package downloads static resources such as js and css files and processes them locally.
The resources are downloaded over an unencrypted HTTP connection, allowing a malicious man in the middle to tamper with their content in transit.