3 matches found
nodeway-ipip (>=0.0.1 <=1.0.2) potentially affected by CVE-2016-10594 via ipip (=3.0.0)
ipip NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ipip and may be impacted: - nodeway-ipip =0.0.1, =1.0.2 Source cves: CVE-2016-10594 Source advisory: OSV:GHSA-9GQH-Q4CX-F2H9...
CVE-2016-10594
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10594
CVE-2016-10594 concerns the Node.js package ipip, which downloads data resources over HTTP from ipip.net. The root cause is insecure HTTP fetches, enabling a network attacker with position to modify or read the resources, potentially leading to information disclosure and, in some configurations, ...