Description
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/197
Related Vulnerabilities
CVE-2016-10586 Vulnerability in npm package macaca-chromedriver
CVE-2019-0205 Vulnerability in maven package org.apache.thrift:libthrift
CVE-2017-16213 Vulnerability in npm package mfrserver
CVE-2019-9737 Vulnerability in npm package editor.md
CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab