Description

pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Remediation

References

https://nodesecurity.io/advisories/213

Related Vulnerabilities

CVE-2021-21315 Vulnerability in npm package systeminformation

CVE-2019-1003087 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder

CVE-2019-13506 Vulnerability in npm package devalue

CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2018-1000125 Vulnerability in maven package com.inversoft:prime-jwt

Severity

Critical

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory