Description
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/161
Related Vulnerabilities
CVE-2022-24375 Vulnerability in npm package node-opcua
CVE-2018-18950 Vulnerability in maven package org.webjars.bowergithub.kindsoft:kindeditor
CVE-2016-10571 Vulnerability in npm package bkjs-wand
CVE-2022-25171 Vulnerability in npm package p4
CVE-2019-18212 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet