Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2022-31051

Published: 09/06/2022 Updated: 17/06/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Semantic-release Project

Vulnerability Summary

semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

semantic-release project semantic-release

Vendor Advisories

Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update
Synopsis Moderate: RHV Manager (ovirt-engine) [ovirt-451] security, bug fix and update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated ovirt-engine packages that fix several bugs and add various enhancements are ...
Red Hat:
semantic-release is an open source npm package for automated version management and package publishing In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI` Occurrence is further limited to execution contexts where ...

References

CWE-200https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5xhttps://github.com/semantic-release/semantic-release/commit/58a226f29c04ee56bbb02cc661f020d568849cadhttps://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIhttps://github.com/semantic-release/semantic-release/releases/tag/v19.0.3https://access.redhat.com/errata/RHSA-2022:5555https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook