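The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, attaches the user's bearer token to arbitrary outgoing requests. Any remote HTTP server that receives such a request can obtain the token, which is sensitive information, by reading the Authorization header. Upgrading to a fixed version stops further disclosure but does not invalidate a token that has already been sent, so a token used with an affected version should be treated as exposed and regenerated.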
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "0.10.0"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.1"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.2"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.3"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.4"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.5"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.6"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.7"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.8"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.9"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.10"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.11"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.12"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.13"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.14"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.15"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.16"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.16-isaacs-manual"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.17"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.18"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.19"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.20"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.21"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.22"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.23"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.24"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.25"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.26"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.27"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.28"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.29"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.30"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.31"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.32"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.33"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.34"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.35"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.36"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.37"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.38"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.39"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.40"
},
{
"introduced": "0"
},
{
"last_affected": "0.10.41"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.0"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.1"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.2"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.3"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.4"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.5"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.6"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.7"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.8"
},
{
"introduced": "0"
},
{
"last_affected": "0.12.9"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.1"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.2"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.3"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.4"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.5"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.6"
},
{
"introduced": "0"
},
{
"last_affected": "4.3.1"
},
{
"introduced": "0"
},
{
"last_affected": "4.3.1-rc\\.1"
},
{
"introduced": "0"
},
{
"last_affected": "4.3.1-rc\\.2"
},
{
"introduced": "0"
},
{
"last_affected": "4.3.2"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.0-rc\\.1"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.0-rc\\.2"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.0-rc\\.3"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.0-rc\\.4"
},
{
"introduced": "0"
},
{
"last_affected": "5.1.1"
},
{
"introduced": "0"
},
{
"last_affected": "5.8.1-rc\\.1"
},
{
"introduced": "0"
},
{
"last_affected": "5.9.1"
}
]
}{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "4.0.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.1.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.1.1"
},
{
"introduced": "0"
},
{
"last_affected": "4.1.2"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.3.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.1"
},
{
"introduced": "0"
},
{
"last_affected": "5.0.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.1.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.2.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.3.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.4.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.4.1"
},
{
"introduced": "0"
},
{
"last_affected": "5.5.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.6.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.7.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.7.1"
},
{
"introduced": "0"
},
{
"last_affected": "5.8.0"
},
{
"introduced": "0"
},
{
"last_affected": "5.9.0"
},
{
"introduced": "0"
},
{
"fixed": "2.15.1"
},
{
"introduced": "3.0.0"
},
{
"fixed": "3.8.3"
}
]
}[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.0.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.0.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.4.1.0"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3956.json"