Description
geoip-lite-country is a stripped-down version of geoip-lite that supports only country lookup. Versions of geoip-lite-country before 1.1.4 download data resources over unencrypted HTTP, which leaves the download vulnerable to man-in-the-middle (MITM) attacks.
Remediation
References
https://nodesecurity.io/advisories/183