The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. The code appears to download these files over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.
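The downgrade described above can be caught by validating each redirect hop instead of letting the HTTP client follow it silently. The following is an added example, not hubl-server's code: `nextHop`, `resolveDownloadUrl`, the injected `fetchHead` callback and the `example.test` hosts are all hypothetical, and the lookup is synchronous only to keep the sketch short.

```javascript
// Added example: refuse HTTPS -> HTTP downgrades while following redirects.
// fetchHead is a hypothetical injected function: (url) => ({ status, location }).
const MAX_HOPS = 5;

// Returns the next URL to request, or null when the response is final.
function nextHop(currentUrl, status, location) {
  if (![301, 302, 303, 307, 308].includes(status)) return null;
  if (!location) throw new Error(`redirect from ${currentUrl} without Location`);
  const from = new URL(currentUrl);
  const to = new URL(location, from); // resolves relative Location values
  if (from.protocol === 'https:' && to.protocol !== 'https:') {
    throw new Error(`insecure redirect refused: ${from.href} -> ${to.href}`);
  }
  return to.href;
}

// Walks the redirect chain and returns the final URL, which is still HTTPS.
function resolveDownloadUrl(startUrl, fetchHead) {
  if (new URL(startUrl).protocol !== 'https:') {
    throw new Error(`download must start on https: ${startUrl}`);
  }
  let url = startUrl;
  for (let hop = 0; hop <= MAX_HOPS; hop++) {
    const { status, location } = fetchHead(url);
    const next = nextHop(url, status, location);
    if (next === null) return url;
    url = next;
  }
  throw new Error('too many redirects');
}

// Constructed sample responses (not captured traffic); hosts are placeholders.
const downgrading = {
  'https://api.example.test/deps.zip': { status: 302, location: 'http://cdn.example.test/deps.zip' },
  'http://cdn.example.test/deps.zip': { status: 200 },
};
const safe = {
  'https://api.example.test/deps.zip': { status: 302, location: '/v2/deps.zip' },
  'https://api.example.test/v2/deps.zip': { status: 200 },
};

function demo(table) {
  try {
    return resolveDownloadUrl('https://api.example.test/deps.zip', (u) => table[u]);
  } catch (err) {
    return `refused: ${err.message}`;
  }
}

console.log(demo(downgrading)); // the chain that drops to http is rejected
console.log(demo(safe));        // the relative redirect stays on https
```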
References
Link | Resource |
---|---|
https://nodesecurity.io/advisories/334 | Third Party Advisory |
History
21 Nov 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | () https://nodesecurity.io/advisories/334 - Third Party Advisory |
Information
Published : 2018-06-04 19:29
Updated : 2024-11-21 03:15
NVD link : CVE-2017-16035
Mitre link : CVE-2017-16035
CVE.ORG link : CVE-2017-16035
Products Affected
hubspot
- hubl-server