CVE-2016-10611: Downloads Resources over HTTP in strider-sauce

CVSS Score: 8.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.72638%
Published: 2/18/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: strider-sauce
Ecosystem: npm
Vulnerable Versions: <= 0.6.2
First Patched Version: (none listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from insecure HTTP downloads, but the provided information lacks specific code references, commit diffs, or file paths showing implementation details. While we can infer that functions handling resource downloads using HTTP would be vulnerable (e.g., HTTP client calls to fetch Sauce Connect executables), the absence of concrete code examples, GitHub patch details, or file paths prevents high-confidence identification of specific functions. The advisory only describes the vulnerability abstractly without pointing to exact code locations.


WAF Protection Rules

WAF Rule

Affected versions of `strider-sauce` insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a
