Description
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/184
Related Vulnerabilities
CVE-2013-6393 Vulnerability in npm package libyaml
CVE-2022-31191 Vulnerability in maven package org.dspace:dspace-jspui
CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog
CVE-2021-39148 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.11