Description
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
Remediation
References
https://nodesecurity.io/advisories/279
Related Vulnerabilities
CVE-2016-10600 Vulnerability in npm package webrtc-native
CVE-2021-3820 Vulnerability in npm package i
CVE-2022-25878 Vulnerability in npm package protobufjs
CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex
CVE-2018-3750 Vulnerability in maven package org.webjars.npm:deep-extend