Description
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/213
Related Vulnerabilities
CVE-2022-24773 Vulnerability in npm package node-forge
CVE-2022-25869 Vulnerability in npm package angular
CVE-2015-8851 Vulnerability in npm package node-uuid
CVE-2021-38153 Vulnerability in maven package org.apache.kafka:kafka-clients
CVE-2019-16562 Vulnerability in maven package org.jenkins-ci.plugins:buildgraph-view