Description

geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/183

Related Vulnerabilities

CVE-2020-1935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2017-5637 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2022-36094 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api

CVE-2023-40346 Vulnerability in maven package io.jenkins.plugins:shortcut-job

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory