CVE-2016-10594

CVE-2016-10594 concerns the Node.js package ipip, which downloads data resources over HTTP from ipip.net. The root cause is insecure HTTP fetches, enabling a network attacker with position to modify or read the resources, potentially leading to information disclosure and, in some configurations, ...