Description
Sensitive Data Exposure in sequelize-cli
Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL() does not properly sanitize the config.password value, which may cause passwords with special characters to be logged in plain text.
Recommendation
Upgrade to version 5.5.0 or later.
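The failure class described above, as an added example that is not sequelize-cli's code: a log-redaction helper that builds a pattern from the raw password, next to one that masks the parsed password component. The function names, the regex-based cause, and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration; names are hypothetical and this is not sequelize-cli's code.

// Constructed sample inputs (not real credentials or hosts).
const SIMPLE_PW = 'hunter2';
const SPECIAL_PW = 's3cr3t$x+1'; // "$" and "+" are regex metacharacters
const HOST = '@db.example.internal:5432/shop';
const SIMPLE_URL = 'postgres://app:' + SIMPLE_PW + HOST;
const SPECIAL_URL = 'postgres://app:' + SPECIAL_PW + HOST;

// Weak form: the password is interpolated into a regex unescaped. Any
// metacharacter changes the pattern, the match fails, and the URL is
// returned (and then logged) with the password intact.
function redactNaive(uri, password) {
  try {
    return uri.replace(new RegExp(':' + password + '@'), ':*****@');
  } catch (e) {
    return uri; // invalid pattern, e.g. an unbalanced "(" in the password
  }
}

// Hardened form: parse the URL and overwrite the password component, so the
// result does not depend on which characters the password contains.
function redactParsed(uri) {
  let u;
  try {
    u = new URL(uri);
  } catch (e) {
    // Fail closed: never echo a string that could not be parsed.
    return '[unparseable connection URL withheld]';
  }
  if (u.password) u.password = '*****';
  return u.toString();
}

// Log-hygiene check: true if the secret still appears in the line to be logged.
function leaksSecret(logLine, password) {
  return logLine.includes(password);
}

console.log(redactNaive(SIMPLE_URL, SIMPLE_PW));   // password masked
console.log(redactNaive(SPECIAL_URL, SPECIAL_PW)); // password still visible
console.log(redactParsed(SPECIAL_URL));            // password masked
```

A check like `leaksSecret` can run in a unit test over every password class the application accepts, so a redaction regression is caught before it reaches production logs (the CWE-532 case).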
Packages
Name: sequelize-cli (npm)
Affected versions: <= 5.4.0
Fixed version: None
CVSS3: 3.5 Low
Weaknesses: CWE-532