5 matches found
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR
Summary There is vulnerability in npm which affects IBM VM Recovery Manager DR Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module could allow a remote attacker to obtain sensitive information, caused by the storing of user credentials in the log file. B...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-15095)
Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-15095 Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...
Information Disclosure
npm-registry-fetch is vulnerable to information disclosure. The vulnerability exists as as it does not mask sensitive information that may be logged through the malicious URL such as ://:@::/...
Sensitive Data Exposure
Overview Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The package supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files. Recommendation Upgrade to version...
GHSA-JMQM-F2GX-4FJV Sensitive information exposure through logs in npm-registry-fetch
Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...