Description
sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/256
Related Vulnerabilities
CVE-2019-12041 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable
CVE-2019-16547 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine
CVE-2017-7673 Vulnerability in maven package org.apache.openmeetings:openmeetings-web
CVE-2019-17573 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2022-29161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-crypto