Vulnerabilities

CVE-2020-15095

by Fred · 07/07/2020

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.

Date published : 2020-07-07

https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

Similar

Tags: Cybersecurity Alert