Severity: low

Resources Downloaded over Insecure Protocol



Affected versions of igniteui download Javascript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or recieved over an unencrypted HTTP connection.


The igniteui package has been deprecated by the package author and now exists under ignite-ui, which should be used in place of this package.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Oct 31st, 2016
  2. reported

    Initial report by Adam Baldwin
    May 15th, 2016