Lucene search
Adam BaldwinNODEJS:183HistoryNov 30, 2016 - 10:46 p.m.
Downloads Resources over HTTP
2016-11-3022:46:49
Adam Baldwin
www.npmjs.com
24
0.001 Low
EPSS
Percentile
44.7%
Overview
Affected versions of geoip-lite-country insecurely downloads resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.
Recommendation
Update to version 1.1.4 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| geoip-lite-country | lt | 1.1.4 |
Related
veracode
veracode
Man In The Middle (MitM)
2016-12-19 06:49:52
osv
osv
CVE-2016-10568
2018-05-29 20:29:00
Downloads Resources over HTTP in geoip-lite-country
2019-02-18 23:54:03
cve
cve
CVE-2016-10568
2018-05-29 20:29:00
nvd
nvd
CVE-2016-10568
2018-05-29 20:29:00
github
github
Downloads Resources over HTTP in geoip-lite-country
2019-02-18 23:54:03
prion
prion
Design/Logic Flaw
2018-05-29 20:29:00
cvelist
cvelist
CVE-2016-10568
2018-04-26 00:00:00