Vulnerability Details CVE-2016-10563
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.1%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2016-10563
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.0
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.0-1
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.1
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.2
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.2-1
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.3
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.3-1
-
cpe:2.3:a:ipfs:go-ipfs-dep:0.4.3-2