Description
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
Remediation
References
https://nodesecurity.io/advisories/279
Related Vulnerabilities
CVE-2020-26237 Vulnerability in maven package org.webjars.npm:highlight.js
CVE-2020-6462 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-33779 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2020-8237 Vulnerability in npm package json-bigint
CVE-2022-29648 Vulnerability in maven package com.jflyfox:jflyfox_jfinal