GHSA-2r5h-gh4x-8hp9

Suggest an improvement
Source
https://github.com/advisories/GHSA-2r5h-gh4x-8hp9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-2r5h-gh4x-8hp9/GHSA-2r5h-gh4x-8hp9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2r5h-gh4x-8hp9
Aliases
  • CVE-2016-10552
Published
2019-02-18T23:40:14Z
Modified
2023-11-08T03:58:12.134165Z
Summary
Resources Downloaded over Insecure Protocol in igniteui
Details

Affected versions of igniteui download Javascript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or recieved over an unencrypted HTTP connection.

Recommendation

The igniteui package has been deprecated by the package author and now exists under ignite-ui, which should be used in place of this package.

Database specific 
{
    "cwe_ids": [
        "CWE-311"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:53Z",
    "nvd_published_at": null,
    "severity": "LOW"
}
References

Affected packages

npm / igniteui

Package

Name
igniteui
View open source insights on deps.dev
Purl
pkg:npm/igniteui

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.0.5

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-2r5h-gh4x-8hp9/GHSA-2r5h-gh4x-8hp9.json"