Resources Downloaded over Insecure Protocol Affecting igniteui Open this link in a new tab package, versions [,0.0.5]
Attack Complexity
Low
User Interaction
Required
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-DOTNET-IGNITEUI-60172
-
published
4 Aug 2016
-
disclosed
4 Aug 2016
-
credit
Adam Baldwin
Introduced: 4 Aug 2016
CWE-494 Open this link in a new tabOverview
This package downloads static resources such as js and css files and processes them locally.
The resources are downloaded over an unencrypted HTTP connection, allowing a malicious man in the middle to tamper with their content in transit.