CVE-2016-10676: Downloads Resources over HTTP in rs-brightcove

CVSS Score: 9.3

Basic Information

EPSS Score: 0.66847%
Published: 2/18/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Package Name: rs-brightcove
Ecosystem: npm
Vulnerable Versions: <= 0.0.2
First Patched Version: (none listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability information indicates insecure HTTP downloads occur in rs-brightcove, but no specific code snippets, file paths, or function names are disclosed in the advisory details, GitHub diff, or CVE/NVD descriptions. While the vulnerability clearly stems from HTTP-based resource fetching (e.g., using insecure methods like http.get() or similar), the lack of access to the package's source code or explicit documentation of the affected functions prevents high-confidence identification of specific vulnerable functions. The advisory explicitly states 'No known source code' and 'Current Vulnerable Functions' is empty in the input data.

WAF Protection Rules

WAF Rule

Affected versions of `rs-brightcove` insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a