Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2022-31018 Vulnerability in maven package com.typesafe.play:play_2.13

CVE-2020-7749 Vulnerability in npm package osm-static-maps

CVE-2021-43306 Vulnerability in maven package org.webjars:jquery-validation

CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

CVE-2020-13128 Vulnerability in maven package com.googlecode.gwtupload:gwtupload

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory