-
Notifications
You must be signed in to change notification settings - Fork 122
/
26.json
9 lines (9 loc) · 904 Bytes
/
26.json
1
2
3
4
5
6
7
8
9
{
"cve": [],
"description": "security flaw in the use of npm authentication tokens in HTTP requests",
"vulnerable": "5.x || 4.x",
"patched": "^5.10.0 || 4.4.2",
"ref": "https://github.com/npm/node/pull/6",
"overview": "Upgrade npm to fixes a security flaw in the use of\nauthentication tokens in HTTP requests that would allow an attacker to set up a\nserver that could collect tokens from users of the command-line interface.\nAuthentication tokens have previously been sent with every request made by the\nCLI for logged-in users, regardless of the destination of the request. This\nupdate fixes this by only including those tokens for requests made against the\nregistry or registries used for the current install.\n\nThis is a flaw in the version of npm included with node.\n\nnpm is updated to 3.8.3 in node 5.10.1, and to 2.15.1 in node 4.4.2.\n\n",
"affectedEnvironments": ["all"]
}