Medium severity5.9NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2016-10530
CVE-2016-10530
Description
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
airbrakenpm | < 0.4.0 | 0.4.0 |
Affected products
2- Range: <=0.3.8
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-856x-cp3q-47vgghsaADVISORY
- github.com/airbrake/node-airbrake/issues/70nvdBroken LinkThird Party AdvisoryWEB
- nodesecurity.io/advisories/96nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2016-10530ghsaADVISORY
- www.npmjs.com/advisories/96ghsaWEB
News mentions
0No linked articles in our index yet.