Description
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/234
Related Vulnerabilities
CVE-2022-38545 Vulnerability in npm package valine
CVE-2017-16129 Vulnerability in maven package org.webjars.bower:superagent
CVE-2018-3729 Vulnerability in npm package localhost-now
CVE-2020-13128 Vulnerability in maven package com.googlecode.gwtupload:gwtupload
CVE-2019-16775 Vulnerability in maven package org.webjars:npm