GHSA-w23f-f3c5-r9qh

Suggest an improvement
Source
https://github.com/advisories/GHSA-w23f-f3c5-r9qh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-w23f-f3c5-r9qh/GHSA-w23f-f3c5-r9qh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w23f-f3c5-r9qh
Aliases
  • CVE-2017-16041
Published
2018-07-24T15:56:19Z
Modified
2023-11-08T03:59:01.181552Z
Summary
ikst Downloads Resources over HTTP
Details

Affected versions of ikst insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.

Recommendation

Upgrade to version 1.1.2 or greater.

Database specific 
{
    "cwe_ids": [
        "CWE-311"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:59:10Z",
    "nvd_published_at": null,
    "severity": "HIGH"
}
References

Affected packages

npm / ikst

Package

Name
ikst
View open source insights on deps.dev
Purl
pkg:npm/ikst

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.2

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-w23f-f3c5-r9qh/GHSA-w23f-f3c5-r9qh.json"