Resources Downloaded over Insecure Protocol Affecting igniteui package, versions <=0.0.5


0.0
low

Snyk CVSS

    Attack Complexity Low
    User Interaction Required

    Threat Intelligence

    EPSS 0.17% (53rd percentile)
Expand this section
NVD
7.4 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:igniteui:20160804
  • published 31 Oct 2016
  • disclosed 31 Oct 2016
  • credit Adam Baldwin

Overview

This package downloads static resources such as js and css files and processes them locally.

The resources are downloaded over an unencrypted HTTP connection, allowing a malicious man in the middle to tamper with their content in transit.