Information Disclosure

Affecting rethinkdb package, versions >=1.2.0 <2.1.0

Overview

rethinkdb provides the JavaScript driver library for the RethinkDB database server, for use in Node.js applications. Affected versions of the package use a non-cryptographic hash map to store connection IDs, making the connection ID easy to guess.

Remediation

Upgrade rethinkdb to version 2.1.0 or higher.
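
A check for the affected range, as an added example (not Snyk's or the RethinkDB project's code): it scans parsed npm lockfile data for copies of rethinkdb at versions >=1.2.0 <2.1.0, including nested transitive copies. The sample lockfiles and the package name legacy-queue are constructed, and treating a pre-release of 2.1.0 as affected is a conservative assumption.

```javascript
// Added example: find rethinkdb driver copies in the advisory's affected range
// (>=1.2.0 <2.1.0) inside parsed package-lock.json data.
const PACKAGE = "rethinkdb";
const FIRST_AFFECTED = [1, 2, 0];
const FIXED = [2, 1, 0];

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return false; // tags, git URLs, missing versions: not judged here
  const v = m.slice(1, 4).map(Number);
  const vsFixed = compare(v, FIXED);
  // Assumption: a pre-release of the fixed version (2.1.0-x) sorts before 2.1.0, so flag it.
  return compare(v, FIRST_AFFECTED) >= 0 && (vsFixed < 0 || (vsFixed === 0 && Boolean(m[4])));
}

// Returns [{ path, version }] for every affected copy in a parsed lockfile.
function findAffected(lock) {
  const hits = [];
  const check = (name, path, version) => {
    if (name === PACKAGE && isAffected(version)) hits.push({ path, version });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    check(meta.name || path.split("node_modules/").pop(), path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      check(name, path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/rethinkdb": { version: "2.3.3" },
  "node_modules/legacy-queue/node_modules/rethinkdb": { version: "1.16.0" } } };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "legacy-queue": { version: "0.4.0", dependencies: { rethinkdb: { version: "2.0.4" } } },
  rethinkdb: { version: "2.1.0" } } };
console.log(findAffected(SAMPLE_V3), findAffected(SAMPLE_V1));
```

To scan a real project, pass the result of `JSON.parse` on its package-lock.json to `findAffected`.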

CVSS Score

5.3 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Credit: Daniel Mewes
CWE: CWE-200
Snyk ID: npm:rethinkdb:20150514-1
Disclosed: 13 May, 2015
Published: 13 Mar, 2017