{"id":"CVE-2016-10529","details":"Droppy versions \u003c3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.","aliases":["GHSA-rhvc-x32h-5526"],"modified":"2026-04-10T03:47:31.580162Z","published":"2018-05-31T20:29:00.940Z","references":[{"type":"ADVISORY","url":"https://nodesecurity.io/advisories/91"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silverwind/droppy","events":[{"introduced":"0"},{"fixed":"2fe5ca01cdc9be4b8d6469ebc99b95c64c210f5d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.5.0"}]}}],"versions":["0.10.0","0.10.0-0","0.10.1","0.10.3","0.10.4","0.10.7","0.10.8","0.10.9","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.6.0","0.6.1","0.6.10","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.16","0.6.17","0.6.18","0.6.19","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.10","0.7.11","0.7.12","0.7.13","0.7.14","0.7.16","0.7.17","0.7.18","0.7.19","0.7.2","0.7.21","0.7.22","0.7.23","0.7.24","0.7.25","0.7.26","0.7.27","0.7.28","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.9.0","0.9.1","0.9.11","0.9.12","0.9.13","0.9.14","0.9.15","0.9.16","0.9.17","0.9.18","0.9.19","0.9.2","0.9.20","0.9.22","0.9.23","0.9.24","0.9.25","0.9.26","0.9.27","0.9.28","0.9.29","0.9.3","0.9.30","0.9.31","0.9.32-0","0.9.33","0.9.34","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.0.0","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.2","1.0.20","1.0.21","1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29","1.0.3","1.0.30","1.0.33","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.2.0","1.2.1","1.2.2","1.2.3","1.3.1","1.3.10","1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.3.17","1.3.18","1.3.19","1.3.20","1.3.21","1.3.22","1.3.23","1.3.24","1.3.25","1.3.26","1.3.27","1.3.28","1.3.29","1.3.3","1.3.30","1.3.31","1.3.32","1.3.33","1.3.34","1.3.35","1.3.36","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1","1.6.2","1.6.3","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.16","1.7.17","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.9.0","1.9.1","1.9.10","1.9.11","1.9.12","1.9.13","1.9.14","1.9.15","1.9.16","1.9.17","1.9.18","1.9.19","1.9.2","1.9.20","1.9.21","1.9.22","1.9.23","1.9.24","1.9.25","1.9.26","1.9.27","1.9.28","1.9.29","1.9.3","1.9.30","1.9.31","1.9.32","1.9.33","1.9.34","1.9.35","1.9.36","1.9.37","1.9.38","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9","2.0.0","2.0.1","2.0.10","2.0.11","2.0.12","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.1.0","2.1.1","2.1.10","2.1.11","2.1.12","2.1.13","2.1.14","2.1.15","2.1.16","2.1.17","2.1.18","2.1.19","2.1.2","2.1.20","2.1.21","2.1.22","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.3.0","2.3.1","2.3.10","2.3.11","2.3.12","2.3.13","2.3.14","2.3.15","2.3.16","2.3.17","2.3.18","2.3.19","2.3.2","2.3.20","2.3.21","2.3.22","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3.8","2.3.9","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.4.5","2.4.6","2.4.7","2.4.8","2.4.9","2.5.0","3.0.0","3.0.1","3.0.10","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.0","3.1.1","3.1.2","3.1.3","v0.2.0","v0.2.1","v0.3.0","v0.3.5","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.6","v0.4.7","v0.4.8","v0.7.3","v3.1.4","v3.1.5","v3.2.0","v3.2.1","v3.2.10","v3.2.11","v3.2.12","v3.2.13","v3.2.14","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6","v3.2.7","v3.2.8","v3.2.9","v3.3.0","v3.3.1","v3.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10529.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}