CVE-2016-10654: Downloads Resources over HTTP in sfml
CVSS Score: 6.8
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.39308%
CWE
Published: 2/18/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
sfml | npm | <= 0.0.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information indicates that the 'sfml' package insecurely downloads resources over HTTP, but no specific code snippets, commit diffs, or implementation details are available to identify exact vulnerable functions. The advisory and CVE description broadly describe the insecure download behavior but do not reference specific functions/modules responsible for the HTTP requests. Without access to the package's source code (e.g., functions using http.get() instead of https.get()), we cannot confidently map the vulnerability to concrete function names or file paths. The lack of patch/commit information further limits the ability to pinpoint vulnerable code.