Description
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `[email protected]`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it.
INFO
Published Date :
2024-04-04T22:10:29.200Z
Last Modified :
2024-08-26T20:27:25.984Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-31206 vulnerability.
No data.
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-31206.