Description
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.
References
- https://github.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a (Patch, Third Party Advisory)
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 17.2.3 (excluding)
cpe:2.3:a:semantic-release_project:semantic-release:*:*:*:*:*:*:*:*
EPSS: 0.0035 (percentile: 57%, Low)
CVSS3: 8.1 High
CVSS2: 5.8 Medium
Weaknesses
CWE-116
Related vulnerabilities
CVSS3: 8.1
github
about 5 years ago
Secret disclosure when containing characters that become URI encoded