During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
[
{
"product": "go-ipfs-dep node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<0.4.4"
}
]
}
]