CVE-2016-10676: Downloads Resources over HTTP in rs-brightcove
9.3
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.66847%
CWE
Published
2/18/2019
Updated
1/9/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
rs-brightcove | npm | <= 0.0.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information indicates insecure HTTP downloads occur in rs-brightcove, but no specific code snippets, file paths, or function names are disclosed in the advisory details, GitHub diff, or CVE/NVD descriptions. While the vulnerability clearly stems from HTTP-based resource fetching (e.g., using insecure methods like http.get()
or similar), the lack of access to the package's source code or explicit documentation of the affected functions prevents high-confidence identification of specific vulnerable functions. The advisory explicitly states 'No known source code' and 'Current Vulnerable Functions' is empty in the input data.