Description
geoip-lite-country is a stripped-down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to man-in-the-middle (MITM) attacks: anyone on the network path can read or replace the downloaded data.
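The checks a data updater needs to avoid this class of issue, as an added example that is not geoip-lite-country's code and not part of the advisory: HTTPS is enforced on the initial URL and on every redirect hop, and the payload is compared with a pinned SHA-256 digest. All function names, the `example.invalid` host and the sample payload are constructed for illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// Constructed sample: the payload "abc" and its SHA-256, standing in for a data file.
const SAMPLE_BODY = Buffer.from('abc');
const SAMPLE_SHA256 = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad';

// Reject any URL that is not HTTPS before a request is made.
function requireHttps(rawUrl) {
  const url = new URL(rawUrl);
  if (url.protocol !== 'https:') {
    throw new Error(`refusing insecure download URL: ${url.protocol}//${url.host}`);
  }
  return url;
}

// Resolve a redirect Location against the current URL and re-apply the HTTPS rule,
// so an https -> http downgrade part-way through the chain is refused.
function followRedirect(currentUrl, location) {
  return requireHttps(new URL(location, requireHttps(currentUrl)).href);
}

// Compare the SHA-256 of the downloaded bytes with a digest pinned in the package.
function verifySha256(data, expectedHex) {
  const actual = createHash('sha256').update(data).digest();
  const expected = Buffer.from(expectedHex, 'hex');
  return expected.length === actual.length && timingSafeEqual(actual, expected);
}

// Validate one recorded fetch: initial URL, each redirect hop, then the payload digest.
function checkDownload({ url, redirects = [], body, sha256 }) {
  try {
    let current = requireHttps(url);
    for (const location of redirects) current = followRedirect(current.href, location);
    if (!verifySha256(body, sha256)) return { ok: false, reason: 'digest mismatch' };
    return { ok: true, finalUrl: current.href };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Hypothetical update URL; the http:// variant of the same URL is rejected.
console.log(checkDownload({
  url: 'https://updates.example.invalid/db.zip',
  body: SAMPLE_BODY,
  sha256: SAMPLE_SHA256,
}));
```

The digest check matters even over HTTPS, because it also catches a payload replaced on the server or mirror itself.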
Remediation
References
https://nodesecurity.io/advisories/183