Arbitrary Bearer Token Exposure in npm and Node.js CLI

CVE-2016-3956 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
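The behaviour described above, next to a destination-scoped alternative, as an added illustration (not npm's code and not part of the advisory). The registry URL, token, sample request URLs and all function names are constructed for the example.

```javascript
// Constructed values for illustration only.
const REGISTRY = 'https://registry.example.test/';
const TOKEN = 'constructed-token-0000';

// Pattern the advisory describes: the bearer token is attached to
// every outgoing request, whatever host it is addressed to.
function headersUnscoped(requestUrl, token) {
  return { authorization: `Bearer ${token}` };
}

// Scoped alternative: attach the token only when the parsed request
// origin equals the configured registry origin, and only over HTTPS.
function headersScoped(requestUrl, registryUrl, token) {
  const headers = {};
  let target, registry;
  try {
    target = new URL(requestUrl);
    registry = new URL(registryUrl);
  } catch (err) {
    return headers; // unparseable URL: send no credentials
  }
  // Compare parsed fields, not string prefixes, so look-alike hosts
  // and userinfo tricks ("registry@other-host") do not match.
  const sameOrigin =
    target.protocol === registry.protocol && target.host === registry.host;
  if (sameOrigin && registry.protocol === 'https:') {
    headers.authorization = `Bearer ${token}`;
  }
  return headers;
}

// Lists the destinations that receive the token under the unscoped
// pattern but not under the scoped one.
function leakyDestinations(urls, registryUrl, token) {
  return urls.filter((u) =>
    'authorization' in headersUnscoped(u, token) &&
    !('authorization' in headersScoped(u, registryUrl, token)));
}

// Constructed sample requests.
const SAMPLE_URLS = [
  'https://registry.example.test/pkg/-/pkg-1.0.0.tgz', // registry itself
  'https://cdn.example.net/pkg-1.0.0.tgz',             // different host
  'https://registry.example.test.other.example/pkg',   // look-alike host
  'https://registry.example.test@other.example/pkg',   // userinfo trick
  'http://registry.example.test/pkg',                  // plaintext downgrade
];
console.log(leakyDestinations(SAMPLE_URLS, REGISTRY, TOKEN));
```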
