@jser/classifier-item-category (=1.0.1), jser-classifier-item-category (>=1.0.1 <=1.6.1) potentially affected by CVE-2016-10592 via jser-stat (>=3.1.0 <=4.0.3)

jser-stat NPM version =3.1.0, =1.0.1, =1.6.1 Source cves: CVE-2016-10592 Source advisory: OSV:GHSA-5W4P-H4GM-3W26...

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10592

Vulnerability summary: The jser-stat library downloads data resources over HTTP, enabling man-in-the-middle (MitM) attacks when an attacker can observe/modify network traffic. The impact is variable and can include reading sensitive data up to remote code execution, depending on package behavior....

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...