Количество 2
Количество 2
CVE-2016-10526
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
GHSA-rrj3-qmh8-72pf
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-10526 A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | CVSS3: 8.6 | 0% Низкий | больше 7 лет назад |
| GHSA-rrj3-qmh8-72pf grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file | 0% Низкий | почти 7 лет назад |
Уязвимостей на страницу