Description
adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/283
Scores
CVSS v3
8.1
EPSS
0.0016
EPSS Percentile
36.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-310
CWE-311
Status
published
Products (2)
adamvr-geoip-lite_project/adamvr-geoip-lite
< 1.2.0
npm/adamvr-geoip-lite
0.0.0npm
Published
May 29, 2018
Tracked Since
Feb 18, 2026