Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-10530 Vulnerability in npm package airbrake

Description

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.

Remediation

References

https://github.com/airbrake/node-airbrake/issues/70

https://nodesecurity.io/advisories/96

Related Vulnerabilities

CVE-2020-27216 Vulnerability in maven package org.eclipse.jetty:jetty-webapp

CVE-2019-10315 Vulnerability in maven package org.jenkins-ci.plugins:github-oauth

CVE-2017-16063 Vulnerability in npm package node-opensl

CVE-2021-23807 Vulnerability in npm package jsonpointer

CVE-2017-5650 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Broken Link Third Party Advisory