Description
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/183
Related Vulnerabilities
CVE-2017-7683 Vulnerability in maven package org.apache.openmeetings:openmeetings-server
CVE-2023-34434 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2020-13921 Vulnerability in maven package org.apache.skywalking:storage-jdbc-hikaricp-plugin
CVE-2017-9096 Vulnerability in maven package com.itextpdf:itextpdf
CVE-2020-7009 Vulnerability in maven package org.elasticsearch:elasticsearch