CGA-jq2f-5px5-6h92

Published

Last updated

https://images.chainguard.dev/security/CGA-jq2f-5px5-6h92

Package

code-server

RepositoryWolfi

Latest Update

Not affected

Aliases

CVE-2020-15095
GHSA-93f3-23rq-pjfp

Severity

Unknown

Summary

npm CLI exposing sensitive information through logs

Description

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-15095
https://github.com/advisories/GHSA-93f3-23rq-pjfp
https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
https://security.gentoo.org/glsa/202101-07
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-jq2f-5px5-6h92

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources