Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Insecure Default Configuration in airbrake
Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information.
Recommendation
Update to version 0.4.0 or later, or upgrade from the now-deprecated airbrake module to its replacement, airbrake-js.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1NngtY3AzcS00N3Zn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 6 years ago
Updated: almost 2 years ago
EPSS Percentage: 0.00132
EPSS Percentile: 0.49502
Identifiers: GHSA-856x-cp3q-47vg, CVE-2016-10530
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-10530
- https://github.com/airbrake/node-airbrake/issues/70
- https://github.com/advisories/GHSA-856x-cp3q-47vg
- https://www.npmjs.com/advisories/96
Blast Radius: 0.0
Affected Packages
npm:airbrake
Dependent packages: 33
Dependent repositories: 99
Downloads: 4,690 last month
Affected Version Ranges: < 0.4.0
Fixed in: 0.4.0
All affected versions: 0.0.0, 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.3.0, 0.3.1, 0.3.2, 0.3.4, 0.3.5, 0.3.8
All unaffected versions: 0.4.0, 0.4.1, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3
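One way to check a project against the affected range above (< 0.4.0), including copies of airbrake pulled in transitively. This is an added example, not code from the advisory or the airbrake project; it assumes a parsed npm package-lock.json, and the sample lockfiles and the package names "some-logger" and "app-tools" are constructed.

```javascript
// Added example. Package name and fixed version come from the advisory;
// the lockfile contents below are constructed sample data.
const PACKAGE = "airbrake";
const FIXED_IN = [0, 4, 0];
// True when version is below 0.4.0. Prerelease/build suffixes are ignored;
// anything that is not x.y.z (git URL, missing field) is reported for review.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED_IN[i]) return parts[i] < FIXED_IN[i];
  }
  return false;
}

// Accepts a parsed package-lock.json and returns [{ path, version }].
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PACKAGE) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === PACKAGE && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}
// Constructed lockfiles: "some-logger" and "app-tools" are hypothetical names.
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  airbrake: { version: "0.4.0" },
  "some-logger": { version: "1.2.0", dependencies: { airbrake: { version: "0.2.9" } } },
} };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/airbrake": { version: "0.3.8" },
  "node_modules/app-tools/node_modules/airbrake": { version: "2.1.3" },
} };
console.log(findAffected(SAMPLE_V1), findAffected(SAMPLE_V3));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`.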