CVE-2016-10602: Downloads Resources over HTTP in haxe

CVSS Score: 9.3

Basic Information

EPSS Score: 0.72638%
Published: 2/18/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Package Name: haxe
Ecosystem: npm
Vulnerable Versions: < 5.0.10
First Patched Version: 5.0.10

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability information describes insecure HTTP downloads in the haxe npm package but does not include specific code snippets, commit diffs, or file paths. While the vulnerability clearly stems from HTTP-based resource fetching (e.g., using insecure protocols like http:// instead of https://), the lack of concrete code examples or patch details makes it impossible to pinpoint exact function names, file paths, or implementation contexts with high confidence. The advisory focuses on the network behavior rather than specific code locations, and no functions are explicitly named in the CVE/GHSA descriptions or supporting materials.

WAF Protection Rules

WAF Rule

Affected versions of `haxe` insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious
