15 matches found
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
GHSA-4255-C27H-62M5 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...
Insertion of Sensitive Information into Log File
Overview @rage-against-the-pixel/unity-cli is an A command line utility for the Unity Game Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the sign-package command when the --verbose flag is enabled. An attacker can obtain sensitive...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
UBUNTU-CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918
The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
unity-cli 日志信息泄露漏洞
unity-cli is a command-line utility for the Unity game engine, open-sourced by RageAgainstThePixel. Versions of unity-cli prior to 1.8.2 had a vulnerability related to log information leakage. This vulnerability stemmed from the sign-package command, which recorded sensitive credentials in plain...
PT-2026-7170
Name of the Vulnerable Software and Affected Versions unity-cli versions prior to 1.8.2 Description The sign-package command in unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments, including --email and --password, are output via JSON.stringif...
Linux Distros Unpatched Vulnerability : CVE-2023-46234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on...