Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2019-10744 Vulnerability in maven package org.webjars.npm:lodash

CVE-2022-35949 Vulnerability in npm package undici

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-beans

CVE-2019-12419 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-sso-oidc

CVE-2017-11342 Vulnerability in maven package org.webjars.npm:node-sass

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory