Description
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/184
Related Vulnerabilities
CVE-2022-31018 Vulnerability in maven package com.typesafe.play:play_2.13
CVE-2020-7749 Vulnerability in npm package osm-static-maps
CVE-2021-43306 Vulnerability in maven package org.webjars:jquery-validation
CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap
CVE-2020-13128 Vulnerability in maven package com.googlecode.gwtupload:gwtupload