CVE-2016-10610
First published: Thu Apr 26 2018(Updated: )
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Unicode Unicode-json | <2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-10610?
CVE-2016-10610 is a vulnerability in unicode-json before 2.0.0 that allows for MITM attacks due to downloading data resources over HTTP.
What software is affected by CVE-2016-10610?
Unicode Unicode-json version up to but excluding 2.0.0 running on Node.js is affected by CVE-2016-10610.
What is the severity of CVE-2016-10610?
The severity of CVE-2016-10610 is high, with a CVSS score of 8.1.
How can I fix CVE-2016-10610?
To fix CVE-2016-10610, upgrade to unicode-json version 2.0.0 or later.
Where can I find more information about CVE-2016-10610?
You can find more information about CVE-2016-10610 at this reference: https://nodesecurity.io/advisories/206
- collector/nvd-index
- agent/description
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/unicode
- canonical/unicode unicode-json