3 matches found
ah-airbrake-plugin (=0.0.2), aws_lambda_app (>=1.0.1 <=2.0.1) +11 more potentially affected by CVE-2016-10530 via airbrake (>=0.2.9 <=0.3.8)
airbrake NPM version =0.2.9, =1.0.1, =0.0.1, =4.0.0, =0.1.6, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.1 Source cves: CVE-2016-10530 Source advisory: OSV:GHSA-856X-CP3Q-47VG...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2016-10530
The CVE-2016-10530 issue affects the airbrake Node.js module (versions ≤ 0.3.8). It defaults to sending environment variables over HTTP, exposing secrets on privileged networks. This is explicitly described in multiple Connected sources (Airbrake node advisory and CVE records). Impact is exposure...