6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Airtable.js is an Airtable javascript client open sourced by Airtable. It provides a simple way to access data. Airtable.js versions prior to 0.11.6 contain a configuration error vulnerability that stems from a misconfiguration in the script that binds environment variables to the build target of the compiled package when the script is run. An attacker could exploit this vulnerability to modify a local user build of Airtable.js to contain the value of the AIRTABLE_API_KEY environment variable, and attach that value to the packaged code.
CPE | Name | Operator | Version |
---|---|---|---|
airtable airtable.js | lt | 0.11.6 |