CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...

CVE-2024-31206

CVE-2024-31206 affects the Node package dectalk-tts . In 1.0.0, the module makes HTTP (unencrypted) requests to the aeiou Dectalk web API, creating a potential man-in-the-middle risk where traffic could be intercepted or modified. The network traffic was upgraded to HTTPS in version 1.0.1. The av...

GHSA-6CF6-8HVR-R68W dectalk-tts Uses Unencrypted HTTP Request

Impact In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle MITM attack. Theft Because dectalk-tts is ...

dectalk-tts Uses Unencrypted HTTP Request

Impact In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle MITM attack. Theft Because dectalk-tts is ...

dectalk-tts 安全漏洞

dectalk-tts is a simple Node package from Justin McBride's personal developer. A security vulnerability exists in dectalk-tts version 1.0.0, which stems from the use of unencrypted HTTP requests that are vulnerable to interception and modification by an attacker...