CVE-2016-10563

CVE-2016-10563

Vendor Hackerone
Product go-ipfs-dep node module
Weakness CWE-311 · Missing encryption
Published May 31, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.

Key dates

02Disclosure timeline

May 31, 2018 CVE published
September 16, 2024 Record updated