nodejs | Juan Leñero | NODEJS:825
Apr 19, 2019 - 9:51 p.m.

Sensitive Data Exposure

2019-04-19 21:51:17
Juan Leñero
www.npmjs.com
sequelize-cli
sensitive data exposure
vulnerable
passwords
sanitization
plain text logging

Overview

Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL() does not properly sanitize the config.password value, which may cause passwords with special characters to be logged in plain text.
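The failure mode described above, as an added illustration that is not sequelize-cli's own code: it assumes the redaction step locates the password in the connection URI with a regular expression built from the password string. The function names, URIs and passwords are constructed for the example.

```javascript
// Added illustration; names and sample values are constructed, not sequelize-cli code.
// Assumption: the log-redaction step searches the connection URI for the password
// using a RegExp built from the password string.

// Weak: the password is concatenated into the pattern unescaped, so characters
// such as $ + ( are read as regex syntax and the literal text no longer matches.
function redactUnescaped(uri, password) {
  const re = new RegExp(':?' + (password || '') + '@');
  return uri.replace(re, ':*****@');
}

// Hardened: escape regex metacharacters so the password is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
function redactEscaped(uri, password) {
  if (!password) return uri;
  return uri.replace(new RegExp(':' + escapeRegExp(password) + '@'), ':*****@');
}

// Alternative: parse the URI and mask the password component,
// which does not depend on what characters the password contains.
function redactParsed(uri) {
  const u = new URL(uri);
  if (u.password) u.password = '*****';
  return u.href;
}

// Constructed sample connection URIs.
const SAMPLE_PLAIN = 'postgres://app:hunter2@db.example.test:5432/shop';
const SAMPLE_SPECIAL = 'postgres://app:pa$$w0rd@db.example.test:5432/shop';

function demo() {
  return {
    plainWeak: redactUnescaped(SAMPLE_PLAIN, 'hunter2'),        // masked
    specialWeak: redactUnescaped(SAMPLE_SPECIAL, 'pa$$w0rd'),   // NOT masked
    specialEscaped: redactEscaped(SAMPLE_SPECIAL, 'pa$$w0rd'),  // masked
    specialParsed: redactParsed(SAMPLE_SPECIAL),                // masked
  };
}

console.log(demo());
```

A useful regression check after upgrading is to run the logging path with a test password containing `$`, `+` or `(` and confirm the value never appears in the output.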

Recommendation

Upgrade to version 5.5.0 or later.

Affected configurations

Node: sequelize-cli, range < 5.5.0

Vendor | Product | Version | CPE
* | sequelize-cli | * | cpe:2.3:a:*:sequelize-cli:*:*:*:*:*:*:*:*