CVE-2016-10524 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2016-10524

CVE-2016-10524

May 31, 2018

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.

Affected Packages

i18n-node-angular (NPM):

Affected version(s) >=0.2.0-beta1 <1.4.0

Fix Suggestion:

Update to version 1.4.0

Related Resources (6)

https://github.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8

https://nodesecurity.io/advisories/80

https://github.com/oliversalzburg/i18n-node-angular

https://nvd.nist.gov/vuln/detail/CVE-2016-10524

https://github.com/advisories/GHSA-97gv-3p2c-xw7j

https://www.npmjs.com/advisories/80

Do you need more information?

CVSS v4

Base Score:

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

HIGH

CVSS v3

Base Score:

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

CVSS v2

Base Score:

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Uncontrolled Resource Consumption

CWE-400

EPSS

Base Score:

0.25

Products

Solutions

Resources

Company

Compare

Developer Tools