Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2017-7666 Vulnerability in maven package org.apache.openmeetings:openmeetings-web

CVE-2022-39266 Vulnerability in npm package isolated-vm

CVE-2016-10750 Vulnerability in maven package com.hazelcast:hazelcast-spring

CVE-2014-0113 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2018-1284 Vulnerability in maven package org.apache.hive:hive-exec

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory