Description
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/213
Related Vulnerabilities
CVE-2021-4329 Vulnerability in npm package json-logic-js
CVE-2015-0254 Vulnerability in maven package org.apache.taglibs:taglibs-standard
CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2022-0436 Vulnerability in npm package grunt
CVE-2016-5007 Vulnerability in maven package org.springframework:spring-webmvc