CVE-2016-10577

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10577
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10577.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10577
Aliases
Published
2018-05-29T20:29:01Z
Modified
2025-01-08T09:54:42.995075Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ibmdb is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibmdb before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

References

Affected packages

Git / github.com/ibmdb/node-ibm_db

Affected ranges

Type
GIT
Repo
https://github.com/ibmdb/node-ibm_db
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d7e2d4b4cbeb6f067df8bba7d0b2ac5d40fcfc19
Fixed
d7e2d4b4cbeb6f067df8bba7d0b2ac5d40fcfc19

Affected versions

1.*

1.0.0

v-0.*

v-0.0.1
v-0.0.2
v-0.0.3