Description
In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack.
Recommendation
Update the dectalk-tts package to the latest compatible version. Version details:
- Affected version(s): = 1.0.0
- Patched version(s): 1.0.1
References
- GHSA-6cf6-8hvr-r68w
- CVE-2024-31206
- CWE-300
- CWE-319
- CWE-598
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A4
- OWASP 2021-A6
- OWASP 2021-A7
Related Issues
- ws affected by a DoS when handling a request with many HTTP headers - CVE-2024-37890
- lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability - CVE-2024-32964
- RSSHub vulnerable to Server-Side Request Forgery - CVE-2024-27927
- Sending a GET or HEAD request with a body crashes SvelteKit (GHSA-g5m6-hxpp-fc49) - CVE-2024-23641
- Tags:
- npm
- dectalk-tts
Last updated on April 05, 2024