CVE-2016-10578

Summary

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

Affected Software

VendorProductVersion RangeStatus
HackerOneunicode node module< 9.0.0affected

Weaknesses

  • CWE-311: Missing Encryption of Sensitive Data (CWE-311)

ADP Enrichment

CVE Program Container

Additional References

References