CVE-2016-10563
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-10563
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据加密缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
go-ipfs-deps模块安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
go-ipfs-deps module是一个用于从npm安装go-ipfs二进制文件的模块。 go-ipfs-deps模块0.4.4之前版本中存在安全漏洞,该漏洞源于程序通过HTTP协议下载资源。攻击者可利用该漏洞实施中间人攻击,控制资源的完整性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HackerOne | go-ipfs-dep node module | <0.4.4 | - |
II. Public POCs for CVE-2016-10563
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-10563
请登录查看更多情报信息。
- https://github.com/diasdavid/go-ipfs-dep/pull/12x_refsource_MISC
- https://nodesecurity.io/advisories/156x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2016-10563
Same Patch Batch · HackerOne · 2018-05-31 · 50 CVEs total
| CVE-2016-10549 | Sails 安全漏洞 | |
| CVE-2016-10557 | appium-chromedriver 安全漏洞 | |
| CVE-2016-10564 | apk-parser 安全漏洞 | |
| CVE-2016-10565 | operadriver 安全漏洞 | |
| CVE-2016-10569 | embedza 安全漏洞 | |
| CVE-2016-10571 | bkjs-wand 安全漏洞 | |
| CVE-2016-10572 | mongodb-instance 安全漏洞 | |
| CVE-2016-10562 | iedriver 安全漏洞 | |
| CVE-2016-10552 | igniteui 安全漏洞 | |
| CVE-2016-10550 | sequalize SQL注入漏洞 | |
| CVE-2016-10553 | sequalize SQL注入漏洞 | |
| CVE-2016-10548 | reduce-css-calc node模块安全漏洞 | |
| CVE-2016-10547 | Nunjucks 安全漏洞 | |
| CVE-2016-10546 | PouchDB 安全漏洞 | |
| CVE-2016-10544 | uws 安全漏洞 | |
| CVE-2016-10543 | call 安全漏洞 | |
| CVE-2016-10542 | ws 安全漏洞 | |
| CVE-2016-10541 | Thshell-quote 安全漏洞 | |
| CVE-2016-10540 | Minimatch 安全漏洞 | |
| CVE-2016-10539 | negotiator 安全漏洞 |
Showing top 20 of 50 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-311
- CVE-2026-34486
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of Encr - CVE-2026-34992
Missing Encryption of Sensitive Data in antrea.io/antrea - CVE-2026-28678
dsa-hub-server: Clear-Text Storage of Sensitive Data - CVE-2026-27944
Nginx UI: Unauthenticated Backup Download with Encryption Ke - CVE-2025-15548
Missing Application-Layer Encryption in Web Interface Endpoi
V. Comments for CVE-2016-10563
No comments yet