Description
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/184
Related Vulnerabilities
CVE-2017-7666 Vulnerability in maven package org.apache.openmeetings:openmeetings-web
CVE-2022-39266 Vulnerability in npm package isolated-vm
CVE-2016-10750 Vulnerability in maven package com.hazelcast:hazelcast-spring
CVE-2014-0113 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2018-1284 Vulnerability in maven package org.apache.hive:hive-exec