CVE-2016-10597

MEDIUM

Cobalt-cli < 2.3.2 - Missing Encryption

Title source: rule

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Core 1

Core References

Third Party Advisory x_refsource_misc

CVSS v3 5.9

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-311

Status published

Products (2)

cobalt-cli_project/cobalt-cli < 2.3.2

npm/cobalt-cli 0npm

Published Jun 01, 2018

Tracked Since Feb 18, 2026