High severity8.1NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2016-10563
CVE-2016-10563
Description
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
go-ipfs-depnpm | < 0.4.4 | 0.4.4 |
Affected products
2- HackerOne/go-ipfs-dep node modulev5Range: <0.4.4
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-g3xp-v2ff-x5c3ghsaADVISORY
- github.com/diasdavid/go-ipfs-dep/pull/12nvdIssue TrackingThird Party AdvisoryWEB
- nodesecurity.io/advisories/156nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2016-10563ghsaADVISORY
- www.npmjs.com/advisories/156ghsaWEB
News mentions
0No linked articles in our index yet.