CVE-2024-31206

HIGH
Published Apr 4, 2024 Modified Apr 15, 2026 CWE-300 CWE-319 CWE-598

Description

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `[email protected]`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it.

CVSS v3.1 Score

8.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Weakness Type (CWE)

CWE-300 CWE-300
CWE-319 CWE-319
CWE-598 CWE-598

References

Frequently Asked Questions

What is CVE-2024-31206? +
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `[email protected]`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. It has a CVSS v3.1 base score of 8.2 (HIGH).
How severe is CVE-2024-31206? +
CVE-2024-31206 has a CVSS v3.1 score of 8.2 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
How do I check if I'm vulnerable to CVE-2024-31206? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2023-31004 8.3

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 …
CVE-2025-31214 8.1

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker …
CVE-2024-36553 8.1

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.
CVE-2025-20122 7.8

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker …
CVE-2025-63363 7.5

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW …
CVE-2024-32049 7.4

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-31206 — free, no signup required.

Start Free Scan