airtable@0.5.5 vulnerabilities

The official Airtable JavaScript library.

Direct Vulnerabilities

Known vulnerabilities in the airtable package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Insufficiently Protected Credentials

airtable is a javascript client for Airtable.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the usage of misconfigured build script in its source package, which bundles environment variables (AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL) into the build target of a transpiled bundle.

NOTE: This vulnerability is relevant only if all of the following conditions are met:

  1. the user has cloned the Airtable.js source onto their machine.

  2. the user runs the npm prepare script

  3. the user has the AIRTABLE_API_KEY environment variable set.

How to fix Insufficiently Protected Credentials?

Upgrade airtable to version 0.11.6 or higher.

<0.11.6
  • C
Machine-In-The-Middle

airtable is a javascript client for Airtable.

Affected versions of this package are vulnerable to Machine-In-The-Middle. The package has SSL certificate validation disabled by default unintentionally. This may allow attackers in a privileged network position to decrypt intercepted traffic.

How to fix Machine-In-The-Middle?

Upgrade airtable to version 0.7.2 or higher.

>=0.1.19 <0.7.2