Homepage
About Snyk

Sensitive Information Exposure Affecting airbrake package, versions <0.4.0

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:airbrake:20160215
  • published 10 Oct 2016
  • disclosed 15 Feb 2016
  • credit Hrvoje Šimić
Report a new vulnerability Found a mistake?

Introduced: 15 Feb 2016

CVE NOT AVAILABLE CWE-200 Open this link in a new tab

How to fix?

Upgrade airbrake version 0.4.0 or greater.

Overview

airbrake is a Node.js notifier for the Airbrake bug and error tracking service. Versions prior to 0.4.0 serialized all environment variables and could lead to sensitive information exposure.

CVSS Scores

version 3.1
Expand this section

Snyk

5.9 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    None
  • Availability (A)
    None