CVE-2016-10680

HIGH

adamvr-geoip-lite < 1.2.0 - Man-in-the-Middle Attack via HTTP Resource Download

Title source: llm
STIX 2.1

Description

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/283

Scores

CVSS v3 8.1
EPSS 0.0072
EPSS Percentile 48.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-310 CWE-311
Status published
Products (2)
adamvr-geoip-lite_project/adamvr-geoip-lite < 1.2.0
npm/adamvr-geoip-lite 0.0.0npm
Published May 29, 2018
Tracked Since Feb 18, 2026