CVE-2016-10594

EPSS 0.6%CWE-311

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Productos afectados

HackerOne · ipip node module

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://nodesecurity.io/advisories/184