CVE-2016-10594

EPSS 0.6%CWE-311

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Produtos afetados

HackerOne · ipip node module

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://nodesecurity.io/advisories/184