Description
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
Remediation
References
https://nodesecurity.io/advisories/279
Related Vulnerabilities
CVE-2022-1440 Vulnerability in npm package git-interface
CVE-2017-5858 Vulnerability in npm package converse.js
CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink
CVE-2022-31170 Vulnerability in npm package @openzeppelin/contracts
CVE-2023-34981 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core