Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2017-16183 Vulnerability in npm package iter-server

CVE-2018-14042 Vulnerability in npm package bootstrap

CVE-2020-2243 Vulnerability in maven package org.jenkins-ci.plugins:vmanager-plugin

CVE-2017-3160 Vulnerability in npm package cordova-android

CVE-2017-12612 Vulnerability in maven package org.apache.spark:spark-core_2.10

Severity

Critical

Classification

CWE-311 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory