CVE-2016-3956 vulnerability in IBM and Other Products
Published on July 2, 2016

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

NVD

Products Associated with CVE-2016-3956

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-3956 are published in these products:

IBM Sdk

nodejs node.js

Npmjs Npm

Exploit Probability

EPSS

2.62%

Percentile

85.38%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-3956 vulnerability in IBM and Other ProductsPublished on July 2, 2016

Products Associated with CVE-2016-3956

Exploit Probability

CVE-2016-3956 vulnerability in IBM and Other Products
Published on July 2, 2016