Description
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/248
Related Vulnerabilities
CVE-2013-6393 Vulnerability in npm package libyaml
CVE-2020-14966 Vulnerability in maven package org.webjars.npm:jsrsasign
CVE-2023-48711 Vulnerability in maven package org.webjars.npm:google-translate-api-browser
CVE-2017-16043 Vulnerability in npm package shout
CVE-2021-33562 Vulnerability in maven package com.shopizer:shopizer