Resources Downloaded over Insecure Protocol Affecting igniteui package, versions <=0.0.5
Threat Intelligence
EPSS
0.17% (55th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID npm:igniteui:20160804
- published 31 Oct 2016
- disclosed 31 Oct 2016
- credit Adam Baldwin
Introduced: 31 Oct 2016
CVE-2016-10552 Open this link in a new tabOverview
This package downloads static resources such as js and css files and processes them locally.
The resources are downloaded over an unencrypted HTTP connection, allowing a malicious man in the middle to tamper with their content in transit.
CVSS Scores
version 3.1