GHSA-p77h-hv6g-fmfp

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 5

Описание

Sensitive Data Exposure in ibm_db

Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode.

Recommendation

Upgrade to version 2.6.0 or later and ensure sensitive information was not logged.

Ссылки

https://github.com/ibmdb/node-ibm_db/issues/563
https://github.com/ibmdb/node-ibm_db/commit/526c88b5eedc605274def65405279f6708d91ce8
https://snyk.io/vuln/SNYK-JS-IBMDB-459762
https://www.npmjs.com/advisories/1185

Пакеты

Наименование

ibm_db

npm

Затронутые версииВерсия исправления

< 2.6.0

2.6.0

5 Medium

CVSS3

5 Medium

CVSS3