Description
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/161
Related Vulnerabilities
CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter
CVE-2017-4960 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2018-1000013 Vulnerability in maven package org.jenkins-ci.plugins:release
CVE-2017-5929 Vulnerability in maven package ch.qos.logback:logback-core
CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin