CVE-2016-10592
N/A
N/A
Summary
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | jser-stat node module | All versions | affected |
Weaknesses
- CWE-311: Missing Encryption of Sensitive Data (CWE-311)
ADP Enrichment
CVE Program Container
Additional References
- https://nodesecurity.io/advisories/188
- https://github.com/jser/stat-js/blob/master/data/url-mapping.js
References
- https://nodesecurity.io/advisories/188
- https://github.com/jser/stat-js/blob/master/data/url-mapping.js
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.