Description
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/248
Related Vulnerabilities
CVE-2020-13933 Vulnerability in maven package org.apache.shiro:shiro-web
CVE-2021-23451 Vulnerability in npm package otp-generator
CVE-2019-10471 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave
CVE-2021-23702 Vulnerability in npm package object-extend
CVE-2020-7606 Vulnerability in npm package docker-compose-remote-api