GHSA-93f3-23rq-pjfp

Suggest an improvement
Source
https://github.com/advisories/GHSA-93f3-23rq-pjfp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-93f3-23rq-pjfp/GHSA-93f3-23rq-pjfp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-93f3-23rq-pjfp
Aliases
Related
Published
2020-07-07T18:56:16Z
Modified
2023-11-08T04:02:28.941469Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
npm CLI exposing sensitive information through logs
Details

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.

References

Affected packages

npm / npm

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.14.6