Description
massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Remediation
References
https://nodesecurity.io/advisories/290
Related Vulnerabilities
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2019-10350 Vulnerability in maven package org.jenkins-ci.plugins:port-allocator
CVE-2020-6464 Vulnerability in npm package electron
CVE-2011-4838 Vulnerability in maven package org.jruby:jruby
CVE-2023-25761 Vulnerability in maven package org.jenkins-ci.plugins:junit