Description

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/184

Related Vulnerabilities

CVE-2019-9737 Vulnerability in maven package org.webjars.bower:editor.md

CVE-2020-2109 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps

CVE-2017-7656 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2019-17554 Vulnerability in maven package org.apache.olingo:odata-server-api

CVE-2017-16225 Vulnerability in npm package aegir

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory