The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-07-02T14:00:00
Updated: 2024-08-06T00:10:31.975Z
Reserved: 2016-04-05T00:00:00
Link: CVE-2016-3956
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-07-02T14:59:19.417
Modified: 2024-11-21T02:51:01.750
Link: CVE-2016-3956
Redhat