GHSA-879p-8gw4-mcpw

Опубликовано: 15 мар. 2024

Источник: github

Github: Прошло ревью

CVSS3: 3.7

Описание

fgr Vulnerable to Insecure Default Variable Initialization

Impact

Any users whom would not desire a traceback to be included in their logs whenever an error is raised in their code will be affected.

If users have inadvertently created a scenario in their code that could cause a traceback to include sensitive information and a malicious entity gained access to their log stream, this could create an issue.

Patches

None yet... users will need to upgrade to 0.4.*

Workarounds

No particularly reasonable ones at present.

References

https://cwe.mitre.org/data/definitions/453.html
https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/stack-trace-disclosure-python/

Ссылки

https://github.com/dan1hc/fgr/security/advisories/GHSA-879p-8gw4-mcpw

Пакеты

Наименование

fgr

pip

Затронутые версииВерсия исправления

<= 0.3.2

Отсутствует

3.7 Low

CVSS3

Дефекты

CWE-453

3.7 Low

CVSS3

Дефекты

CWE-453