Insecure Default Configuration in redbird
Versions of redbird have a vulnerable default configuration of allowing TLS connections on lib/proxy.js. The package does not provide an option to disable TLS which is deprecated and vulnerable. Upgrade to or later.