CVE-2016-3956 in mpmthông tin

Tóm tắt

Bởi MITRE

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

Be aware that VulDB is the high quality source for vulnerability data.

Đặt trước

05/04/2016

Tiết lộ

02/07/2016

Kiểm duyệt

được chấp nhận

mục

VDB-88539

EPSS

0.06748

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you need the next level of professionalism?

Upgrade your account now!