Description

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/197

Related Vulnerabilities

CVE-2018-6333 Vulnerability in npm package nuclide

CVE-2021-23354 Vulnerability in npm package printf

CVE-2018-9207 Vulnerability in npm package jquery-file-upload

CVE-2021-32573 Vulnerability in npm package express-cart

CVE-2016-6347 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs

Severity

Medium

Classification

CWE-311 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory