CVE-2016-10604: dalek-browser-chrome Downloads Resources over HTTP

CVSS Score: 8.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.66847%
Published: 2/18/2019
Updated: 9/6/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: dalek-browser-chrome
Ecosystem: npm
Vulnerable Versions: <= 0.0.11
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

The provided vulnerability information describes an insecure download mechanism over HTTP but does not include specific code snippets, file paths, or function names from the dalek-browser-chrome package. While the vulnerability clearly stems from a function responsible for downloading executables via HTTP (e.g., using http.get or similar unencrypted network calls), the lack of concrete implementation details in the advisory, GitHub diff data, or source code examples makes it impossible to identify the exact vulnerable functions with high confidence. The absence of this critical context forces reliance on speculation rather than direct evidence.

WAF Protection Rules

WAF Rule

Affected versions of `dalek-browser-chrome` insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable
