Vulnerability: Insecure Data Resource Download in geoip-lite-country

Vulnerability: Insecure Data Resource Download in geoip-lite-country

CVE-2016-10568 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Learn more about our Web Application Penetration Testing UK.