unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unicode_project | unicode | * |