{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T08:25:16.738","vulnerabilities":[{"cve":{"id":"CVE-2016-10673","sourceIdentifier":"support@hackerone.com","published":"2018-06-04T16:29:01.923","lastModified":"2024-11-21T02:44:29.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application."},{"lang":"es","value":"ipip-coffee consulta información de geolocalización de la IP. ipip-coffee descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. Esto podría impactar la integridad y disponibilidad de los datos que se están empleando para que una aplicación tome decisiones de geolocalización."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-311"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ipip:ipip-coffee:*:*:*:*:*:node.js:*:*","versionEndIncluding":"1.0.9","matchCriteriaId":"6B672E1A-2940-4F26-9731-9B019B721BCD"}]}]}],"references":[{"url":"https://nodesecurity.io/advisories/279","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}