Description

openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/218

Related Vulnerabilities

CVE-2016-5003 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2017-12161 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2020-7021 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2020-5207 Vulnerability in maven package io.ktor:ktor-server-cio

CVE-2021-27515 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory