Description

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://github.com/jser/stat-js/blob/master/data/url-mapping.js

https://nodesecurity.io/advisories/188

Related Vulnerabilities

CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt

CVE-2019-15609 Vulnerability in npm package kill-port-process

CVE-2019-16561 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer

CVE-2019-15482 Vulnerability in npm package selectize-plugin-a11y

CVE-2015-8315 Vulnerability in maven package org.webjars.npm:ms

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory