AIKIDO-2024-10440

@powersync/web is vulnerable to Cleartext Transmission of Sensitive Information

Severity: Low (30)

Package: @powersync/web (js)

AIKIDO-2024-10440: @powersync/web is vulnerable to Cleartext Transmission of Sensitive Information in versions 0.5.1 - 1.10.1.

Cleartext Transmission of Sensitive Information
Vulnerable in 0.5.1 - 1.10.1
Fixed in 1.10.2
No CVE available

TL;DR

Affected versions of this package do not protect against the use of insecure connections when logging in with the token connector.

Who does this affect?

You are affected if you use a version of @powersync/web within the vulnerable range (0.5.1 - 1.10.1).

How can it be fixed?

Upgrade the @powersync/web library to the patched version (1.10.2).
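To check whether a project still resolves a version in the affected range, including copies pulled in by other dependencies, the following added example (not part of the advisory or of PowerSync's code) scans the `packages` map of an npm `package-lock.json`. It assumes lockfileVersion 2 or 3; the sample lockfile and the `legacy-widget` package name are constructed.

```javascript
// Added example: flag @powersync/web installs inside the advisory's range.
const PKG = "@powersync/web";
const FIRST_VULNERABLE = "0.5.1"; // from the advisory
const FIXED = "1.10.2";           // from the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Compare two versions; a pre-release sorts before its own release,
// so a pre-release build of the fixed version is still reported.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  if (!x || !y) throw new Error(`unparseable version: ${!x ? a : b}`);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  return x.pre === y.pre ? 0 : x.pre ? -1 : 1;
}

function isAffected(version) {
  return compareVersions(version, FIRST_VULNERABLE) >= 0 &&
         compareVersions(version, FIXED) < 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3),
// including nested node_modules copies pulled in by other dependencies.
function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(`node_modules/${PKG}`) || !entry.version) continue;
    if (isAffected(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@powersync/web": { version: "1.10.2" },
    "node_modules/legacy-widget/node_modules/@powersync/web": { version: "1.9.0" },
    "node_modules/@powersync/common": { version: "1.10.1" },
  },
};
console.log(findAffected(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected` instead of the sample object.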
