← Back

CVE-2016-3956

nvd nist
Published: Jul 2, 2016Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

Affected (95)

Products: Ibm: Sdk · Nodejs: Node.js · Npmjs: Npm
Ibm
1 product
Sdk
Nodejs
1 product
Node.js
Npmjs
1 product
Npm
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Sdk
Up to 1.1.0.20
Sdk
Up to 1.2.0.10
Sdk
Up to 4.4.1.0
Configuration B
90 vulnerable
Vulnerable SoftwareAffected Versions
Nodejs
Node.js
Version 0.10.0
Node.js
Version 0.10.10
Node.js
Version 0.10.11
Node.js
Version 0.10.12
Node.js
Version 0.10.13
Node.js
Version 0.10.14
Node.js
Version 0.10.15
Node.js
Version 0.10.16-isaacs-manual
Node.js
Version 0.10.16
Node.js
Version 0.10.17
Node.js
Version 0.10.18
Node.js
Version 0.10.19
Node.js
Version 0.10.1
Node.js
Version 0.10.20
Node.js
Version 0.10.21
Node.js
Version 0.10.22
Node.js
Version 0.10.23
Node.js
Version 0.10.24
Node.js
Version 0.10.25
Node.js
Version 0.10.26
Node.js
Version 0.10.27
Node.js
Version 0.10.28
Node.js
Version 0.10.29
Node.js
Version 0.10.2
Node.js
Version 0.10.30
Node.js
Version 0.10.31
Node.js
Version 0.10.32
Node.js
Version 0.10.33
Node.js
Version 0.10.34
Node.js
Version 0.10.35
Node.js
Version 0.10.36
Node.js
Version 0.10.37
Node.js
Version 0.10.38
Node.js
Version 0.10.39
Node.js
Version 0.10.3
Node.js
Version 0.10.40
Node.js
Version 0.10.41
Node.js
Version 0.10.4
Node.js
Version 0.10.5
Node.js
Version 0.10.6
Node.js
Version 0.10.7
Node.js
Version 0.10.8
Node.js
Version 0.10.9
Node.js
Version 0.12.0
Node.js
Version 0.12.1
Node.js
Version 0.12.2
Node.js
Version 0.12.3
Node.js
Version 0.12.4
Node.js
Version 0.12.5
Node.js
Version 0.12.6
Node.js
Version 0.12.7
Node.js
Version 0.12.8
Node.js
Version 0.12.9
Node.js
Version 4.0.0
Node.js
Version 4.1.0
Node.js
Version 4.1.1
Node.js
Version 4.1.2
Node.js
Version 4.2.0
Node.js
Version 4.2.1
Node.js
Version 4.2.2
Node.js
Version 4.2.3
Node.js
Version 4.2.4
Node.js
Version 4.2.5
Node.js
Version 4.2.6
Node.js
Version 4.3.0
Node.js
Version 4.3.1
Node.js
Version 4.3.1 rc.1
Node.js
Version 4.3.1 rc.2
Node.js
Version 4.3.2
Node.js
Version 4.4.0
Node.js
Version 4.4.0 rc.1
Node.js
Version 4.4.0 rc.2
Node.js
Version 4.4.0 rc.3
Node.js
Version 4.4.0 rc.4
Node.js
Version 4.4.1
Node.js
Version 5.0.0
Node.js
Version 5.1.0
Node.js
Version 5.1.1
Node.js
Version 5.2.0
Node.js
Version 5.3.0
Node.js
Version 5.4.0
Node.js
Version 5.4.1
Node.js
Version 5.5.0
Node.js
Version 5.6.0
Node.js
Version 5.7.0
Node.js
Version 5.7.1
Node.js
Version 5.8.0
Node.js
Version 5.8.1 rc.1
Node.js
Version 5.9.0
Node.js
Version 5.9.1
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Npmjs
Npm
Before 2.15.1
Npm
From 3.0.0 to 3.8.3

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.