VYPR

npm package

geoip-lite-country

pkg:npm/geoip-lite-country

Vulnerabilities (1)

  • CVE-2016-10568HigMay 29, 2018
    affected < 1.1.4fixed 1.1.4

    geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.