Description

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/211

Related Vulnerabilities

CVE-2016-10612 Vulnerability in npm package dalek-browser-ie-canary

CVE-2023-37942 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job

CVE-2022-36313 Vulnerability in maven package org.webjars.npm:file-type

CVE-2019-9658 Vulnerability in maven package com.puppycrawl.tools:checkstyle

CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory