GMS-2020-45: Machine-In-The-Middle in airtable

September 3, 2020

Affected versions of airtable are vulnerable to Machine-In-The-Middle. The package has SSL certificate validation disabled by default unintentionally. This may allow attackers in a privileged network position to decrypt intercepted traffic.

References

github.com/advisories/GHSA-jrj9-5qp6-2v8q
www.npmjs.com/advisories/1305

Code Behaviors & Features

Detect and mitigate GMS-2020-45 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →