Description
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/161
Related Vulnerabilities
CVE-2018-25007 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-2157 Vulnerability in maven package org.jenkins-ci.plugins:skytap
CVE-2020-7689 Vulnerability in npm package bcrypt
CVE-2016-10587 Vulnerability in npm package wasdk
CVE-2014-3579 Vulnerability in maven package org.apache.activemq:apollo-selector