Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-10673 Vulnerability in npm package ipip-coffee

Description

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.

Remediation

References

https://nodesecurity.io/advisories/279

Related Vulnerabilities

CVE-2023-22621 Vulnerability in npm package @strapi/plugin-email

CVE-2022-23617 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2018-1002201 Vulnerability in maven package org.zeroturnaround:zt-zip

CVE-2021-21267 Vulnerability in npm package schema-inspector

CVE-2023-22621 Vulnerability in npm package @strapi/plugin-users-permissions

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory