CVE-2016-10621
The MITRE CVE dictionary describes this issue as:
fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Find out more about CVE-2016-10621 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
The fibjs NPM module is not used in any Red Hat products.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.4 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | None |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | v8 | Will not fix |
| Red Hat Satellite 6 | v8 | Affected |
| Red Hat OpenStack Platform 9.0 | v8 | Not affected |
| Red Hat OpenStack Platform 8.0 (Liberty) | v8 | Not affected |
| Red Hat OpenStack Platform 10 | v8 | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | v8 | Not affected |
External References
CVE description copyright © 2017, The MITRE Corporation