Описание
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
A flaw was found in the parse-git-config package. Affected versions of this package allow an attacker to obtain sensitive information via the expandKeys function.
Отчет
This CVE affects parse-git-config v.3.0.0 which is not shipped in any of the Red Hat products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-1321
https://bugzilla.redhat.com/show_bug.cgi?id=2351765parse-git-config: Prototype Pollution Vulneralbility in parse-git-config
EPSS
Процентиль: 5%
0.00023
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
6 месяцев назад
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
CVSS3: 7.5
github
6 месяцев назад
Prototype Pollution Vulnerability in parse-git-config
EPSS
Процентиль: 5%
0.00023
Низкий
7.5 High
CVSS3