Description
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/197
Related Vulnerabilities
CVE-2019-1003024 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2022-0401 Vulnerability in npm package w-zip
CVE-2021-43803 Vulnerability in npm package next
CVE-2022-39313 Vulnerability in npm package parse-server
CVE-2017-4971 Vulnerability in maven package org.springframework.webflow:spring-webflow