In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.

## Recommendation

Install version 2.0.0 or greater.

Affected Packages

npm unicode-json

Affected versions: 0 (fixed in 2.0.0)

Related CVEs

CVE-2016-10610

Key Information

GHSA ID

GHSA-hw4r-xr38-hm8j

Published

February 18, 2019 11:47 PM

Last Modified

January 8, 2021 6:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

unicode-json

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.