Authentication credentails logged in clear text

2016-03-16T16:29:31
ID NODEJS:85
Type nodejs
Reporter Stephan Bönnemann
Modified 2018-05-08T14:27:01

Description

Overview

Versions of grunt-gh-pages prior to 1.0.0 are affected by a vulnerability which may cause unencrypted github credentials to be written to a log file in certain circumstances.

In the grunt-gh-pages deployment scenario where authentication is performed by injecting a github token directly into the auth portion of the URL, grunt-gh-pages will write the token to a log file, unencrypted.

Recommendation

Update to version 1.0.0 or later.

References

PR #41