Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2013-7454 Vulnerability in npm package validator

CVE-2020-28448 Vulnerability in npm package multi-ini

CVE-2023-26132 Vulnerability in npm package dottie

CVE-2021-41973 Vulnerability in maven package org.apache.mina:mina-http

CVE-2016-10682 Vulnerability in npm package massif

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory