CVE-2016-10530

Published May 31st, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.

airbrake/node-airbrake

node-airbrake is no longer maintained. Please visit https://airbrake.io/docs/performance-monitoring/updating-from-deprecated-libraries-for-node/

GitHub

176