airtable@0.11.1 vulnerabilities

The official Airtable JavaScript library.

Direct Vulnerabilities

Known vulnerabilities in the airtable package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Insufficiently Protected Credentials

airtable is a javascript client for Airtable.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the usage of misconfigured build script in its source package, which bundles environment variables (AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL) into the build target of a transpiled bundle.

NOTE: This vulnerability is relevant only if all of the following conditions are met:

  1. the user has cloned the Airtable.js source onto their machine.

  2. the user runs the npm prepare script

  3. the user has the AIRTABLE_API_KEY environment variable set.

How to fix Insufficiently Protected Credentials?

Upgrade airtable to version 0.11.6 or higher.

<0.11.6