Description

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/228

Related Vulnerabilities

CVE-2021-37306 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base

CVE-2016-11023 Vulnerability in maven package org.odata4j:odata4j-core

CVE-2019-10244 Vulnerability in maven package org.eclipse.kura:kura

CVE-2023-22665 Vulnerability in maven package org.apache.jena:jena-arq

CVE-2021-39135 Vulnerability in npm package @npmcli/arborist

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory