CVE-2016-10563

Summary

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.

Affected Software

VendorProductVersion RangeStatus
HackerOnego-ipfs-dep node module<0.4.4affected

Weaknesses

  • CWE-311: Missing Encryption of Sensitive Data (CWE-311)

ADP Enrichment

CVE Program Container

Additional References

References