Description
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/211
Related Vulnerabilities
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:tomcat-jasper
CVE-2016-10642 Vulnerability in npm package cmake
CVE-2019-10306 Vulnerability in maven package org.jenkins-ci.plugins:ontrack
CVE-2020-28487 Vulnerability in maven package org.webjars.npm:vis-timeline
CVE-2020-2184 Vulnerability in maven package org.jenkins-ci.plugins:cvs