Back to search
CVE-2016-10530
Published: May 31, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.
| Vendor | Product | Versions |
|---|---|---|
HackerOne | airbrake node module | affected <=0.3.8 |
Weaknesses (CWE)
References
https://github.com/airbrake/node-airbrake/issues/70
x_refsource_MISC
https://nodesecurity.io/advisories/96
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now