Description
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://github.com/jser/stat-js/blob/master/data/url-mapping.js
https://nodesecurity.io/advisories/188
Related Vulnerabilities
CVE-2019-20503 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-7736 Vulnerability in npm package bmoor
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2015-0226 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom
CVE-2014-3526 Vulnerability in maven package org.apache.wicket:wicket-core