Versions of grunt-gh-pages
prior to 1.0.0 are affected by a vulnerability which may cause unencrypted github credentials to be written to a log file in certain circumstances.
In the grunt-gh-pages
deployment scenario where authentication is performed by injecting a github token directly into the auth portion of the URL, grunt-gh-pages
will write the token to a log file, unencrypted.
Update to version 1.0.0 or later.
CPE | Name | Operator | Version |
---|---|---|---|
grunt-gh-pages | le | 0.9.1 |