Description
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/184
Related Vulnerabilities
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2018-11307 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-45207 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-image
CVE-2019-1003005 Vulnerability in maven package org.jenkins-ci.plugins:script-security