Description
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/197
Related Vulnerabilities
CVE-2016-8751 Vulnerability in maven package org.apache.ranger:ranger
CVE-2017-2612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-12629 Vulnerability in maven package org.apache.lucene:lucene-queryparser
CVE-2019-15602 Vulnerability in npm package fileview
CVE-2016-6810 Vulnerability in maven package org.apache.activemq:activemq-web-console