Upgrade stigmem-node to version 0.9.0a2 or higher.
stigmem-node is a Stigmem reference node: a single-host production implementation.
Affected versions of this package are vulnerable to Active Debug Code in the federation process when mTLS is explicitly disabled and the node is bound to a non-loopback URL. An attacker can intercept sensitive federation traffic by performing a network man-in-the-middle attack. This is only exploitable if federation is enabled, mTLS is disabled, and the node is configured to listen on a non-loopback interface.
This vulnerability can be mitigated by enabling mTLS for federation or ensuring federation endpoints are only bound to loopback/private test environments and are not accessible from untrusted networks.
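As an added illustration (not code from stigmem-node or from this advisory), a small Python check that flags the exact combination described above: federation enabled, mTLS explicitly disabled, and a node URL that is not bound to loopback. The configuration keys `federation_enabled`, `federation_mtls` and `node_url` are assumed names for illustration, not the project's real settings.

```python
import ipaddress
from urllib.parse import urlsplit


def is_loopback_bind(url: str) -> bool:
    """True only if the URL's host is a loopback address.

    0.0.0.0 and :: are not loopback (they bind every interface), so they are
    reported as exposed. Any hostname other than 'localhost' is treated as
    network-reachable, since it cannot be resolved safely offline.
    """
    host = urlsplit(url).hostname  # strips brackets from IPv6 literals
    if host is None:
        return False  # no parseable host (e.g. missing scheme): assume exposed
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback


def federation_exposure(config: dict) -> list[str]:
    """Return findings for the advisory's vulnerable state; empty means not affected.

    Keys are assumed names (constructed for this example):
      federation_enabled, federation_mtls, node_url
    mTLS is only considered disabled when the key is explicitly set to False.
    """
    findings: list[str] = []
    if not config.get("federation_enabled", False):
        return findings  # federation off: advisory does not apply
    mtls_enabled = config.get("federation_mtls", True)
    bind_url = config.get("node_url", "http://127.0.0.1:8080")
    if mtls_enabled is False and not is_loopback_bind(bind_url):
        findings.append(
            f"federation enabled with mTLS disabled on non-loopback bind {bind_url}: "
            "federation traffic can be intercepted on the network; enable mTLS "
            "or bind the node to a loopback address"
        )
    return findings
```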