U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2016-3956

Change History

Reanalysis 6/15/2021 12:30:40 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:npm:npm:*:*:*:*:*:*:*:* versions up to (including) 2.15.0
     *cpe:2.3:a:npm:npm:3.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.2.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.2.2:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.2:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.3:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.4:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.5:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.6:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.7:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.8:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.9:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.10:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.11:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.3.12:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.4.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.5.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.5.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.5.2:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.5.3:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.5.4:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.6.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.7.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.7.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.7.2:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.7.3:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.7.4:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.7.5:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.8.0:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:npm:npm:3.8.2:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:* versions up to (excluding) 2.15.1
     *cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.8.3
Removed CVSS V3
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

								
						
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Changed Reference Type
http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability No Types Assigned
http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability Vendor Advisory
Changed Reference Type
https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 No Types Assigned
https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 Patch, Third Party Advisory
Changed Reference Type
https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 No Types Assigned
https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 Patch, Third Party Advisory
Changed Reference Type
https://github.com/npm/npm/issues/8380 No Types Assigned
https://github.com/npm/npm/issues/8380 Third Party Advisory