Moderate severity · NVD Advisory · Published May 31, 2018 · Updated Sep 16, 2024
CVE-2016-10530
Description
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables often contain secret keys and other sensitive values. A malicious user on the same network as a regular user could intercept all the secret keys that user is sending. This goes against common best practice, which is to use HTTPS.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| airbrake (npm) | < 0.4.0 | 0.4.0 |
Affected products
- Range: <=0.3.8
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-856x-cp3q-47vg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-10530 (ghsa, ADVISORY)
- github.com/airbrake/node-airbrake/issues/70 (ghsa, x_refsource_MISC, WEB)
- nodesecurity.io/advisories/96 (mitre, x_refsource_MISC)
- www.npmjs.com/advisories/96 (ghsa, WEB)