Resources Downloaded over Insecure Protocol Affecting igniteui package, versions [,0.0.5]
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DOTNET-IGNITEUI-60172
- published 4 Aug 2016
- disclosed 4 Aug 2016
- credit Adam Baldwin
Overview
This package downloads static resources such as js and css files and processes them locally.
The resources are downloaded over an unencrypted HTTP connection, allowing a malicious man in the middle to tamper with their content in transit.