Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.8 views

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

7.5CVSS7.1AI score0.01414EPSS
Exploits1References1
Node.js
Node.js
added 2021/07/19 3:36 p.m.79 views

Sensitive Data Exposure

Overview The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

5CVSS1.8AI score0.01414EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2021/07/19 3:21 p.m.9 views

@suldev/gatsby-theme-foundry (>=1.0.0 <=1.0.17) potentially affected by CVE-2021-32770 via gatsby-source-wordpress (=5.15.0)

gatsby-source-wordpress NPM version =5.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-source-wordpress and may be impacted: - @suldev/gatsby-theme-foundry =1.0.0, =1.0.17 Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...

7.5CVSS7.1AI score0.01414EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/07/19 3:21 p.m.3 views

@agileana/agileana-theme (>=0.0.1 <=0.0.3), @ajberkow/gatsby-theme-ucomm (>=0.0.1 <=0.0.8) +14 more potentially affected by CVE-2021-32770 via gatsby-source-wordpress (>=2.0.93 <=3.11.0)

gatsby-source-wordpress NPM version =2.0.93, =0.0.1, =0.0.1, =1.0.0, =1.3.1-alpha, =1.0.0, =1.0.0, =1.0.11, =1.0.26, =1.0.40, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.0.1, =0.0.4 and more Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...

7.5CVSS7.1AI score0.01414EPSS
Exploits1
CVE
CVE
added 2021/07/15 6:30 p.m.80 views

CVE-2021-32770

The CVE-2021-32770 entry concerns the gatsby-source-wordpress plugin. Affected versions (prior to 4.0.8 and 5.9.2) leak .htaccess HTTP Basic Authentication credentials into the app.js bundle at build time. The root cause is exposure of credentials from auth.htaccess during build, which may affect...

7.5CVSS7.6AI score0.01414EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/07/15 6:30 p.m.31 views

CVE-2021-32770 Basic-auth app bundle credential exposure in gatsby-source-wordpress

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

7.5CVSS7.9AI score0.01414EPSS
Exploits1References1
Rows per page
Query Builder