Description
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
Remediation
References
https://nodesecurity.io/advisories/279
Related Vulnerabilities
CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-1731 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2016-10695 Vulnerability in npm package npm-test-sqlite3-trunk
CVE-2018-19413 Vulnerability in maven package org.sonarsource.sonarqube:sonar-plugin-api
CVE-2018-1339 Vulnerability in maven package org.apache.tika:tika-parsers