CVSS3: 8.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.7%)
dectalk-tts is vulnerable to Cleartext Transmission of Sensitive Information ('Man-in-the-Middle'). The vulnerability is due to unencrypted HTTP traffic being sent to a third-party API. This could allow an attacker on the network path to intercept and modify that traffic in a man-in-the-middle (MITM) attack.
CPE
Name | Operator | Version
---|---|---
dectalk-tts | eq | 1.0.0
github.com/advisories/GHSA-6cf6-8hvr-r68w
github.com/JstnMcBrd/dectalk-tts/blob/b3e92156cbb699218ac9b9c7d8979abd0e635767/src/index.ts#L18
github.com/JstnMcBrd/dectalk-tts/commit/3600d8ac156f27da553ac4ead46d16989a350105
github.com/JstnMcBrd/dectalk-tts/issues/3
github.com/JstnMcBrd/dectalk-tts/pull/4
github.com/JstnMcBrd/dectalk-tts/security/advisories/GHSA-6cf6-8hvr-r68w