MAL-2025-21210 Malicious code in gatsby-source-wordpress-bcgdv (npm)

The package gatsby-source-wordpress-bcgdv was found to contain malicious code...

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

Sensitive Data Exposure

Overview The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

@agileana/agileana-theme (>=0.0.1 <=0.0.3), @ajberkow/gatsby-theme-ucomm (>=0.0.1 <=0.0.8) +14 more potentially affected by CVE-2021-32770 via gatsby-source-wordpress (>=2.0.93 <=3.11.0)

gatsby-source-wordpress NPM version =2.0.93, =0.0.1, =0.0.1, =1.0.0, =1.3.1-alpha, =1.0.0, =1.0.0, =1.0.11, =1.0.26, =1.0.40, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.0.1, =0.0.4 and more Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...

GHSA-RQJW-P5VR-C695 Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

@suldev/gatsby-theme-foundry (>=1.0.0 <=1.0.17) potentially affected by CVE-2021-32770 via gatsby-source-wordpress (=5.15.0)

gatsby-source-wordpress NPM version =5.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-source-wordpress and may be impacted: - @suldev/gatsby-theme-foundry =1.0.0, =1.0.17 Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...

Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

CVE-2021-32770 Basic-auth app bundle credential exposure in gatsby-source-wordpress

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

CVE-2021-32770

The CVE-2021-32770 entry concerns the gatsby-source-wordpress plugin. Affected versions (prior to 4.0.8 and 5.9.2) leak .htaccess HTTP Basic Authentication credentials into the app.js bundle at build time. The root cause is exposure of credentials from auth.htaccess during build, which may affect...

gatsby 信息泄露漏洞

gatsby is a software application. A free open source framework based on React that helps developers build extremely fast websites and applications. A security vulnerability exists in gatsby that stems from the gatsby-source-wordpress plugin leaking .htaccess HTTP basic authentication variables in...

PT-2021-19918 · WordPress · Gatsby-Source-Wordpress

Name of the Vulnerable Software and Affected Versions: gatsby-source-wordpress versions prior to 4.0.8 and 5.9.2 Description: The gatsby-source-wordpress plugin leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. This issue affects users who initialize...