VYPR

npm package

http-signature

pkg:npm/http-signature

Vulnerabilities (1)

  • CVE-2017-16005HigJun 4, 2018
    affected < 0.10.0fixed 0.10.0

    Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he