airtable@0.5.2 vulnerabilities

The official Airtable JavaScript library.

Direct Vulnerabilities

Known vulnerabilities in the airtable package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Insufficiently Protected Credentials

airtable is a JavaScript client for Airtable.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to a misconfigured build script in its source package, which bundles the environment variables AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL into the transpiled bundle it produces.

NOTE: This vulnerability is relevant only if all of the following conditions are met:

  1. The user has cloned the Airtable.js source onto their machine.

  2. The user runs the npm prepare script.

  3. The user has the AIRTABLE_API_KEY environment variable set.

How to fix Insufficiently Protected Credentials?

Upgrade airtable to version 0.11.6 or higher.

Vulnerable versions: <0.11.6
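
A check for the condition described in this entry, as an added example (not code from the Airtable.js project or from this advisory): it reports whether the current values of AIRTABLE_API_KEY or AIRTABLE_ENDPOINT_URL appear as literals in a built bundle. The function names, the minimum-length threshold and the sample strings are assumptions made for illustration.

```javascript
// Added example. Only the two variable names come from the advisory.
const WATCHED_VARS = ['AIRTABLE_API_KEY', 'AIRTABLE_ENDPOINT_URL'];
const MIN_LENGTH = 8; // assumption: shorter values match unrelated text too often

// Forms a value can take once a bundler inlines it as a string literal.
function literalForms(value) {
  const escaped = JSON.stringify(value).slice(1, -1); // JSON-escaped, quotes removed
  return [...new Set([value, escaped])];
}

// Report which watched variables have their current value embedded in bundleSource.
// A bundle that still reads process.env.NAME at run time is not a finding.
function findBundledSecrets(bundleSource, env, names = WATCHED_VARS) {
  const findings = [];
  for (const name of names) {
    const value = env[name];
    if (typeof value !== 'string' || value.length < MIN_LENGTH) continue;
    for (const form of literalForms(value)) {
      const offset = bundleSource.indexOf(form);
      if (offset !== -1) {
        findings.push({ name, offset }); // record where, never the value itself
        break;
      }
    }
  }
  return findings;
}

// Constructed samples: one bundle with the key inlined, one that reads it at run time.
const SAMPLE_ENV = {
  AIRTABLE_API_KEY: 'keyCONSTRUCTED0000',
  AIRTABLE_ENDPOINT_URL: 'https://api.example.test',
};
const LEAKY_BUNDLE =
  'var apiKey = "keyCONSTRUCTED0000"; var endpoint = process.env.AIRTABLE_ENDPOINT_URL;';
const CLEAN_BUNDLE = 'var apiKey = process.env.AIRTABLE_API_KEY;';

// CLI use under Node (CommonJS): node check-bundle.js path/to/bundle.js
if (typeof require !== 'undefined' && typeof module !== 'undefined' &&
    require.main === module && process.argv[2]) {
  const source = require('fs').readFileSync(process.argv[2], 'utf8');
  const hits = findBundledSecrets(source, process.env);
  for (const h of hits) console.error(`${h.name} is embedded at offset ${h.offset}`);
  process.exitCode = hits.length ? 1 : 0;
}
```

Run it against the build output in the same shell that ran the build, so the environment values being compared are the ones the build could have captured.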
  • C
Machine-In-The-Middle

airtable is a JavaScript client for Airtable.

Affected versions of this package are vulnerable to Machine-In-The-Middle. The package unintentionally disables SSL certificate validation by default. This may allow attackers in a privileged network position to decrypt intercepted traffic.

How to fix Machine-In-The-Middle?

Upgrade airtable to version 0.7.2 or higher.

Vulnerable versions: >=0.1.19 <0.7.2