Description
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/218
Related Vulnerabilities
CVE-2018-16202 Vulnerability in npm package cordova-plugin-ionic-webview
CVE-2018-3721 Vulnerability in npm package lodash.merge
CVE-2018-16489 Vulnerability in npm package just-extend
CVE-2019-16728 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify
CVE-2016-6816 Vulnerability in maven package org.apache.tomcat:tomcat-coyote