CVE-2016-10578 — HIGH (8.1)

Q: What is CVE-2016-10578?

CVE-2016-10578 is a vulnerability with a CVSS score of 8.1 (HIGH). unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

Q: How severe is CVE-2016-10578?

CVE-2016-10578 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-10578?

Check the references section above for vendor advisories and patch information. Affected products include: Unicode Project Unicode.

Vulnerability Description

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Unicode Project	Unicode	< 9.0.0

Related Weaknesses (CWE)

CWE-310 CWE-311

References

https://nodesecurity.io/advisories/161Third Party Advisory
https://nodesecurity.io/advisories/161Third Party Advisory

FAQ

What is CVE-2016-10578?

CVE-2016-10578 is a vulnerability with a CVSS score of 8.1 (HIGH). unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

How severe is CVE-2016-10578?

CVE-2016-10578 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-10578?

Check the references section above for vendor advisories and patch information. Affected products include: Unicode Project Unicode.