Description
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
Remediation
References
https://nodesecurity.io/advisories/279
Related Vulnerabilities
CVE-2019-13127 Vulnerability in maven package org.webjars.bowergithub.jgraph:mxgraph
CVE-2019-0199 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2019-16775 Vulnerability in maven package org.webjars.npm:npm
CVE-2021-26544 Vulnerability in maven package org.apache.livy:livy-server
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors