Description

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/211

Related Vulnerabilities

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:tomcat-jasper

CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common

CVE-2017-12159 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2015-8856 Vulnerability in npm package serve-index

CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory