Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNWgtZ2g0eC04aHA5
Resources Downloaded over Insecure Protocol in igniteui
Affected versions of igniteui download Javascript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or recieved over an unencrypted HTTP connection.
Recommendation
The igniteui package has been deprecated by the package author and now exists under ignite-ui, which should be used in place of this package.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNWgtZ2g0eC04aHA5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-2r5h-gh4x-8hp9, CVE-2016-10552
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-10552
- https://github.com/advisories/GHSA-2r5h-gh4x-8hp9
- https://www.npmjs.com/advisories/116
Affected Packages
npm:igniteui
Dependent packages: 1Dependent repositories: 2
Downloads: 78 last month
Affected Version Ranges: <= 0.0.5
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5