Description
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/211
Related Vulnerabilities
CVE-2019-16777 Vulnerability in maven package org.webjars:npm
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone
CVE-2022-2256 Vulnerability in maven package org.keycloak:keycloak-themes
CVE-2021-27516 Vulnerability in maven package org.webjars.bower:urijs
CVE-2022-34114 Vulnerability in maven package io.dataease:dataease-plugin-common