PT-2024-23850 · Unknown · Dectalk-Tts

Averagehelper · Published 2024-04-04 · Updated 2024-04-05 · CVE-2024-31206

CVSS v3.1: 8.2 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: dectalk-tts version 1.0.0

Description: The issue arises from the use of unencrypted HTTP for network requests to the third-party API in dectalk-tts@1.0.0. An attacker positioned on the network path can intercept and modify this traffic, i.e. mount a man-in-the-middle (MITM) attack. Sensitive information could be stolen if it is sent despite the warnings, and an attacker could manipulate requests and responses, returning malicious output that could endanger the user's filesystem.

Recommendations: For dectalk-tts version 1.0.0, update to version 1.0.1, in which the network request was upgraded to HTTPS. As a precaution, do not send any sensitive information and carefully verify the API response before saving it.


Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2024-31206
GHSA-6CF6-8HVR-R68W

Affected Products

Dectalk-Tts