Description
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.
Remediation
References
https://nodesecurity.io/advisories/249
Related Vulnerabilities
CVE-2018-14042 Vulnerability in maven package org.webjars.bower:bootstrap-sass
CVE-2020-8124 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse
CVE-2021-23424 Vulnerability in npm package ansi-html
CVE-2021-23561 Vulnerability in npm package comb
CVE-2018-14042 Vulnerability in maven package org.webjars.bower:bootstrap