Description
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/161
Related Vulnerabilities
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2021-42567 Vulnerability in maven package org.apereo.cas:cas-server-core-services