Description
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/184
Related Vulnerabilities
CVE-2020-10968 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2016-4437 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2022-31194 Vulnerability in maven package org.dspace:dspace-jspui
CVE-2020-25020 Vulnerability in maven package net.sf.mpxj:mpxj
CVE-2019-12814 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind