Sensitive information exposure through logs

Low
claudiahdz published GHSA-93f3-23rq-pjfp Jul 7, 2020

Package

npm (npm)

Affected versions

< 6.14.6

Patched versions

6.14.6

Description

Versions of the npm CLI prior to 6.14.6 are vulnerable to information exposure through log files.

The CLI supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.
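
For tooling that logs URLs of this shape, or for scrubbing logs already written by an affected version, the following added example (not code from npm or from this advisory) masks the password component and counts how many URLs carried one. The function name, the `***` mask and the sample log lines are assumptions constructed for illustration.

```javascript
// Added example: mask the <password> part of
// <protocol>://[<user>[:<password>]@]<hostname>... before text is logged.

// Scheme (including compound ones such as git+https) followed by the authority,
// i.e. everything up to the first "/", "?", "#" or whitespace.
const URL_WITH_AUTHORITY = /\b([a-z][a-z0-9+.-]*:\/\/)([^\s\/?#]+)/gi;

function redactUrlPasswords(text) {
  let count = 0;
  const redacted = text.replace(URL_WITH_AUTHORITY, (match, scheme, authority) => {
    // Userinfo ends at the LAST "@", so an unencoded "@" in a password is covered.
    const at = authority.lastIndexOf('@');
    if (at === -1) return match;                 // no userinfo, e.g. host:port
    const userinfo = authority.slice(0, at);
    // The first ":" separates user from password; later ":" belong to the password.
    const colon = userinfo.indexOf(':');
    if (colon === -1 || colon === userinfo.length - 1) return match; // user only
    count += 1;
    return scheme + userinfo.slice(0, colon) + ':***' + authority.slice(at);
  });
  return { redacted, count };
}

// Constructed sample lines (not real npm output); hosts and credentials are made up.
const sampleLog = [
  'install https://alice:s3cr3t@registry.example.test:8443/pkg.tgz',
  'fetch git+ssh://git@git.example.test:team/repo.git',
  'fetch git+https://bob:p@ss@git.example.test/team/repo.git',
  'GET https://registry.example.test/pkg 200',
].join('\n');

const result = redactUrlPasswords(sampleLog);
console.log(result.redacted);
console.log('URLs with embedded passwords:', result.count);
```

A non-zero count on an existing log file means a credential was written in clear text and should be rotated, not just masked.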

Severity

Low

CVE ID

CVE-2020-15095

Weaknesses

No CWEs