Description
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://github.com/jser/stat-js/blob/master/data/url-mapping.js
https://nodesecurity.io/advisories/188
Related Vulnerabilities
CVE-2017-16167 Vulnerability in npm package yyooopack
CVE-2019-20174 Vulnerability in maven package org.webjars.bower:auth0-lock
CVE-2018-1262 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2022-37259 Vulnerability in npm package steal
CVE-2021-44521 Vulnerability in maven package org.apache.cassandra:cassandra-all