
CVE-2016-10654: Downloads Resources over HTTP in sfml

CVSS Score: 6.8

Basic Information

EPSS Score: 0.39308%
Published: 2/18/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| sfml | npm | <= 0.0.3 | |

Vulnerability Intelligence
Miggo AI: Root Cause Analysis

The provided vulnerability information indicates that the 'sfml' package insecurely downloads resources over HTTP, but no specific code snippets, commit diffs, or implementation details are available to identify exact vulnerable functions. The advisory and CVE description broadly describe the insecure download behavior but do not reference specific functions/modules responsible for the HTTP requests. Without access to the package's source code (e.g., functions using http.get() instead of https.get()), we cannot confidently map the vulnerability to concrete function names or file paths. The lack of patch/commit information further limits the ability to pinpoint vulnerable code.


WAF Protection Rules

WAF Rule

Affected versions of `sfml` insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this
