Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2016-10633 Vulnerability in npm package dwebp-bin

CVE-2020-14062 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2018-11770 Vulnerability in maven package org.apache.spark:spark-core

CVE-2017-16095 Vulnerability in npm package serverliujiayi1

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bcprov-jdk18on

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory