Description
In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack.
Recommendation
Update the dectalk-tts package to the latest compatible version. The version details are as follows:
- Affected version(s): = 1.0.0
- Patched version(s): 1.0.1
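One way to check whether a project still installs the affected release, as an added example that is not part of the advisory or of the dectalk-tts project: it scans a parsed package-lock.json, in either the flat `packages` layout or the older nested `dependencies` layout, for dectalk-tts at 1.0.0. The names `demo-app` and `voice-bot` and both sample lockfiles are constructed for illustration.

```javascript
// Added example: find installs of the affected dectalk-tts release in a
// parsed package-lock.json. Versions are taken from the advisory above.
const PACKAGE = "dectalk-tts";
const AFFECTED = "1.0.0"; // affected: = 1.0.0, patched: 1.0.1

// lockfileVersion 2/3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/dectalk-tts".
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    // "name" is only present when it differs from the folder name (aliases).
    const name = meta.name || path.split("node_modules/").pop();
    if (name === PACKAGE && meta.version === AFFECTED) hits.push(path);
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree; recurse into each entry.
function scanDependencyTree(deps, prefix = "") {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === PACKAGE && meta.version === AFFECTED) hits.push(path);
    hits.push(...scanDependencyTree(meta.dependencies, `${path}/`));
  }
  return hits;
}

function findAffectedInstalls(lock) {
  // Prefer "packages" (v2/v3); fall back to the v1 "dependencies" tree.
  return lock.packages
    ? scanPackagesMap(lock.packages)
    : scanDependencyTree(lock.dependencies);
}

// Constructed sample lockfiles (hypothetical projects, not real data).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "0.1.0" },
  "node_modules/dectalk-tts": { version: "1.0.1" },
  "node_modules/voice-bot/node_modules/dectalk-tts": { version: "1.0.0" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "dectalk-tts": { version: "1.0.0" },
  "voice-bot": { version: "2.0.0",
    dependencies: { "dectalk-tts": { version: "1.0.1" } } },
} };
console.log(findAffectedInstalls(sampleV3));
console.log(findAffectedInstalls(sampleV1));
```

For a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `findAffectedInstalls`; a transitive copy nested under another dependency is reported with its full install path.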
References
- GHSA-6cf6-8hvr-r68w
- CVE-2024-31206
- CWE-300
- CWE-319
- CWE-598
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A4
- OWASP 2021-A6
- OWASP 2021-A7
Related Issues
- ws affected by a DoS when handling a request with many HTTP headers - CVE-2024-37890
- Prometheus exporter process crash via malformed HTTP request - @opentelemetry/sdk-node - CVE-2026-44902
- Prometheus exporter process crash via malformed HTTP request - @opentelemetry/exporter-prometheus - CVE-2026-44902
- Sending a GET or HEAD request with a body crashes SvelteKit - @sveltejs/adapter-node - CVE-2024-23641
- Tags:
- npm
- dectalk-tts
Last updated on April 05, 2024


