Description
In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack.
Recommendation
Update the dectalk-tts package to the latest compatible version. Version details follow:
- Affected version(s): = 1.0.0
- Patched version(s): 1.0.1
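To confirm whether a project still resolves the affected release, including copies pulled in transitively, the parsed package-lock.json can be inspected directly. The following is an added example, not code from the advisory or the dectalk-tts project; the sample lockfiles are constructed and `voice-bot` is a hypothetical dependent package.

```javascript
// Added example (not from the advisory or the dectalk-tts project).
const PKG = 'dectalk-tts';
const AFFECTED = '1.0.0'; // advisory: affected version(s) = 1.0.0
const PATCHED = '1.0.1';  // advisory: patched version(s) 1.0.1

// Collect every resolved copy of PKG from a parsed package-lock.json.
function findInstalls(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === PKG) {
      hits.push({ path, version: meta.version });
    }
  }
  if (lock.packages) return hits; // v2 repeats the tree in "dependencies"
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PKG) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Mark each copy as vulnerable or not and state the fix.
function audit(lock) {
  return findInstalls(lock).map((hit) => ({
    ...hit,
    vulnerable: hit.version === AFFECTED,
    action: hit.version === AFFECTED ? `upgrade to ${PATCHED}` : 'none',
  }));
}

// Constructed sample lockfiles; "voice-bot" is a hypothetical dependent.
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '0.1.0' },
  'node_modules/dectalk-tts': { version: '1.0.1' },
  'node_modules/voice-bot': { version: '2.3.0' },
  'node_modules/voice-bot/node_modules/dectalk-tts': { version: '1.0.0' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'voice-bot': { version: '2.3.0', dependencies: {
    'dectalk-tts': { version: '1.0.0' } } },
} };

console.log(audit(sampleV3), audit(sampleV1));
```

A nested copy at 1.0.0 stays vulnerable even when the top-level dependency is already at 1.0.1, so every reported path needs to reach the patched version.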
References
- GHSA-6cf6-8hvr-r68w
- CVE-2024-31206
- CWE-300
- CWE-319
- CWE-598
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A4
- OWASP 2021-A6
- OWASP 2021-A7
Related Issues
- Directory Traversal in node-simple-router - CVE-2017-16083
- csvjson vulnerable to prototype injection - CVE-2025-57318
- Prebid.js NPM package briefly compromised - CVE-2025-59038
- devalue prototype pollution vulnerability - CVE-2025-57820
Tags
- npm
- dectalk-tts
Last updated on April 05, 2024