<p>There is no fix version for <code>hotel</code>.</p>

Man-in-the-Middle (MitM) Affecting hotel package, versions *

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID npm:hotel:20160322
published 30 May 2017
disclosed 21 Mar 2016
credit floydwch

Report a new vulnerability Found a mistake?

Introduced: 21 Mar 2016

CWE-295 Open this link in a new tab

How to fix?

There is no fix version for hotel.

Overview

hotel is local domains for everyone. Affected versions of the package are vulnerable to Man-in-the-Middle (MitM) attacks. Hotel contained a self-signed certificate built-in, the private key being in the repo. This allows any user to use that key and listen in on the traffic.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

None

Man-in-the-Middle (MitM) Affecting hotel package, versions *

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 21 Mar 2016

How to fix?

Overview

References

CVSS Scores

Snyk