Description
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/211
Related Vulnerabilities
CVE-2021-28092 Vulnerability in maven package org.webjars:is-svg
CVE-2019-10419 Vulnerability in maven package org.jenkins-ci.plugins:application-director-plugin
CVE-2022-24891 Vulnerability in maven package org.owasp.esapi:esapi
CVE-2019-16728 Vulnerability in maven package org.webjars.bower:dompurify
CVE-2020-17531 Vulnerability in maven package org.apache.tapestry:tapestry-core