Base Score

HIGH8.1

CVE-2018-1000096

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks.

VectorNETWORK

Published Bycve@mitre.org

Published DateMar 13, 2018, 01:29

Affected Versions(1)

tiny-json-http(npm)

Introduced1.0.1

Fixed7.0.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
tiny-json-http(npm)	1.0.1	7.0.0	N/A

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/brianleroux/tiny-json-http/pull/15

Base Score

HIGH8.1

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH