GMS-2019-50: Insecure Default Configuration in redbird

June 6, 2019 (updated August 4, 2021)

Versions of redbird have a vulnerable default configuration of allowing TLS connections on lib/proxy.js. The package does not provide an option to disable TLS which is deprecated and vulnerable. Upgrade to or later.

References

github.com/OptimalBits/redbird/commit/39c7a2da84a2ddddfe046ea80e98800518920516
github.com/OptimalBits/redbird/pull/207
github.com/advisories/GHSA-8948-ffc6-jg52
snyk.io/vuln/SNYK-JS-REDBIRD-174455
www.npmjs.com/advisories/828

Detect and mitigate GMS-2019-50 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →