QID 983980

QID 983980: Nodejs (npm) Security Update for unicode-json (GHSA-hw4r-xr38-hm8j)

Affected versions of `unicode-json` insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution. ## Recommendation Install version 2.0.0 or greater.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

CVSS V3 rated as Critical - 8.1 severity.

CVSS V2 rated as High - 6.8 severity.

Solution

Customers are advised to refer to GHSA-hw4r-xr38-hm8j for updates pertaining to this vulnerability.

Vendor References

GHSA-hw4r-xr38-hm8j - github.com/advisories/GHSA-hw4r-xr38-hm8j

CVEs related to QID 983980

CVE-2016-10610 |

Software Advisories

Advisory ID	Software	Component	Link
GHSA-hw4r-xr38-hm8j	unicode-json		github.com/advisories/GHSA-hw4r-xr38-hm8j

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].