Versions of the npm CLI before 6.14.6 are vulnerable to information exposure through log files. The CLI supports URLs of the form `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and to any generated log files.
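One way to keep such passwords out of output and to audit existing log lines for them, as an added example that is not npm's own code or fix. The function names, the `***` marker and the sample lines are constructed for illustration, and passwords are assumed not to contain a raw `/` or `@`.

```javascript
// Added example (not npm's code): redact passwords in credential-bearing URLs
// before text reaches stdout or a log file, and audit existing log lines.

// Matches scheme://user:password@ anywhere in a line. The user part stops at
// the first ':'; the password may itself contain ':' but not '/', '@' or
// whitespace (assumption: such characters are percent-encoded).
const CRED_URL = /([a-z][a-z0-9+.-]*:\/\/)([^\s\/:@]+):([^\s\/@]+)@/gi;

// Replace every embedded password with a fixed marker, keeping the rest of
// the URL so the line stays useful for debugging.
function redactUrlCredentials(text) {
  return text.replace(CRED_URL, (_match, scheme, user) => `${scheme}${user}:***@`);
}

// Return the 1-based numbers of lines that carry a cleartext password.
// A line whose password is already "***" redacts to itself and is skipped.
function findLeakedCredentials(lines) {
  const hits = [];
  lines.forEach((line, i) => {
    if (redactUrlCredentials(line) !== line) hits.push(i + 1);
  });
  return hits;
}

// Constructed sample lines (not real npm output).
const SAMPLE_LOG = [
  // '@' belongs to a scoped package path, not to credentials
  "fetch https://registry.example.test/@scope/pkg",
  // password containing ':' plus an explicit port after the host
  "clone failed: git+https://deploy:s3cr3t:pw@git.example.test:8443/team/repo.git",
  // host:port followed by a scoped path must not be mistaken for user:password
  "fetch https://host.example.test:8080/@scope/pkg",
  // already redacted
  "clone failed: https://ci:***@git.example.test/team/repo.git",
];

console.log(SAMPLE_LOG.map(redactUrlCredentials).join("\n"));
console.log("lines with cleartext passwords:", findLeakedCredentials(SAMPLE_LOG));
```

Usernames are left in place; a token carried in the user position of a URL would need its own handling.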
Vulnerable Product |
---|
npmjs npm |
opensuse leap 15.1 |
opensuse leap 15.2 |
fedoraproject fedora 33 |