Description
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
Remediation
References
https://nodesecurity.io/advisories/279
Related Vulnerabilities
CVE-2022-41714 Vulnerability in npm package fastest-json-copy
CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet
CVE-2019-10246 Vulnerability in maven package org.eclipse.jetty:jetty-util
CVE-2022-21670 Vulnerability in npm package markdown-it
CVE-2019-10307 Vulnerability in maven package org.jvnet.hudson.plugins:analysis-core