Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2016-9177 Vulnerability in maven package com.sparkjava:spark-core

CVE-2017-15693 Vulnerability in maven package org.apache.geode:geode-core

CVE-2022-31189 Vulnerability in maven package org.dspace:dspace-jspui

CVE-2022-23620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx

CVE-2020-1731 Vulnerability in maven package org.keycloak:keycloak-core

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory