GHSA-v7x3-7hw7-pcjg

Published: 21 Oct 2019
Source: github
Github: Reviewed
CVSS3: 5.3

Description

Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Impact

Temporary repository tokens were leaked into Pull Request comments during certain Go Modules update failure scenarios.

Patches

The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later.

Workarounds

Disable Go Modules support.

References

Blog post: https://renovatebot.com/blog/go-modules-vulnerability-disclosure

For more information

If you have any questions or comments about this advisory:

Packages

Name: renovate (npm)
Affected versions: >= 13.87.0, < 19.38.7
Fixed version: 19.38.7

CVSS3: 5.3 Medium

Weaknesses: CWE-200
