GMS-2016-18: Insecure Default Configuration

March 28, 2016

The airbrake module defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.

References

github.com/airbrake/node-airbrake/issues/70

Code Behaviors & Features

Detect and mitigate GMS-2016-18 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →