Description

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/248

Related Vulnerabilities

CVE-2021-21295 Vulnerability in maven package io.netty:netty-codec-http2

CVE-2017-16122 Vulnerability in npm package cuciuci

CVE-2020-8129 Vulnerability in npm package script-manager

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-nifi-parent

CVE-2017-16670 Vulnerability in maven package com.smartbear.soapui:soapui-project

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory