CVE-2016-10552
Resources Downloaded over Insecure Protocol in igniteui
EPSS 0.14%
Description
Affected versions of `igniteui` download Javascript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or recieved over an unencrypted HTTP connection. ## Recommendation The `igniteui` package has been deprecated by the package author and now exists under [`ignite-ui`](https://preview.npmjs.com/package/ignite-ui), which should be used in place of this package.
How to fix CVE-2016-10552
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2016-10552 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.0.5