Description

igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.

Remediation

References

https://nodesecurity.io/advisories/116

Related Vulnerabilities

CVE-2017-18077 Vulnerability in maven package org.webjars.npm:brace-expansion

CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass

CVE-2018-16475 Vulnerability in npm package knightjs

CVE-2020-12648 Vulnerability in npm package tinymce

CVE-2016-10671 Vulnerability in npm package mystem-wrapper

Severity

High

Classification

CWE-254 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory