Description
sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/256
Related Vulnerabilities
CVE-2021-38153 Vulnerability in maven package org.apache.kafka:kafka-clients
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2020-17532 Vulnerability in maven package org.apache.servicecomb:foundation-config
CVE-2017-3201 Vulnerability in maven package com.exadel.flamingo.flex:amf-serializer
CVE-2017-18355 Vulnerability in npm package rendertron-middleware