WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-10530 Vulnerability in npm package airbrake

Description

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.

Remediation

References

https://github.com/airbrake/node-airbrake/issues/70

https://nodesecurity.io/advisories/96

Related Vulnerabilities

CVE-2020-26245 Vulnerability in npm package systeminformation

CVE-2022-27263 Vulnerability in npm package strapi

CVE-2023-5572 Vulnerability in npm package @vrite/sdk

CVE-2020-7684 Vulnerability in npm package rollup-plugin-serve

CVE-2022-36079 Vulnerability in npm package parse-server

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Broken Link Third Party Advisory