CVE-2016-10680

Name of the Vulnerable Software and Affected Versions adamvr-geoip-lite versions (affected versions not specified)

Description The issue affects the integrity and availability of geoip data, which may alter the decisions made by an application using this data. This is due to the package downloading geoip resources over HTTP, making it vulnerable to Man-In-The-Middle (MITM) attacks. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will, impacting the integrity and availability of the data being used to make geolocation decisions by an application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a mitigation measure, consider avoiding the use of this package and use a different package if available. Alternatively, reduce the risk of exploitation by ensuring that this package is not installed while connected to a public network.