GHSA-jrj9-5qp6-2v8q

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Machine-In-The-Middle in airtable

Affected versions of airtable are vulnerable to Machine-In-The-Middle. The package has SSL certificate validation disabled by default unintentionally. This may allow attackers in a privileged network position to decrypt intercepted traffic.

Recommendation

Upgrade to version 0.7.2 or later.

Ссылки

https://www.npmjs.com/advisories/1305

Пакеты

Наименование

airtable

npm

Затронутые версииВерсия исправления

>= 0.1.19, < 0.7.2

0.7.2