How severe is CVE-2024-31206?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2024-31206?

This is classified as CWE-300, which is a common weakness in software security.

CVE-2024-31206 - HIGH Severity | CVSS 8.2

Vulnerability Description

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `[email protected]`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it.

Related Vulnerabilities

CVE-2020-11024

HIGH

CVSS:8.2(High)

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

CWE-3002020

CVE-2018-0025

HIGH

CVSS:8.1(High)

When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these cred...

CWE-3002018

CVE-2018-13298

HIGH

CVSS:8.1(High)

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

CWE-3002018

CVE-2019-3793

HIGH

CVSS:8.1(High)

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unaut...

CWE-3002019

CVE-2019-5456

HIGH

CVSS:8.1(High)

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use la...

CWE-3002019

CVE-2021-41033

HIGH

CVSS:8.1(High)

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be ...

CWE-3002021