airtable@0.6.0 vulnerabilities

The official Airtable JavaScript library.

  • latest version

    0.12.2

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the airtable package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Insufficiently Protected Credentials

    airtable is a javascript client for Airtable.

    Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the usage of misconfigured build script in its source package, which bundles environment variables (AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL) into the build target of a transpiled bundle.

    NOTE: This vulnerability is relevant only if all of the following conditions are met:

    1. the user has cloned the Airtable.js source onto their machine.

    2. the user runs the npm prepare script

    3. the user has the AIRTABLE_API_KEY environment variable set.

    How to fix Insufficiently Protected Credentials?

    Upgrade airtable to version 0.11.6 or higher.

    <0.11.6
    • C
    Machine-In-The-Middle

    airtable is a javascript client for Airtable.

    Affected versions of this package are vulnerable to Machine-In-The-Middle. The package has SSL certificate validation disabled by default unintentionally. This may allow attackers in a privileged network position to decrypt intercepted traffic.

    How to fix Machine-In-The-Middle?

    Upgrade airtable to version 0.7.2 or higher.

    >=0.1.19 <0.7.2