2 matches found
CVE-2022-31051
CVE-2022-31051 affects the open‑source npm package semantic-release . The vulnerability causes concealed secrets to be disclosed when they contain characters that are not encoded by encodeURI , in contexts where pushing to the repository requires modifying the URL to inject credentials. Public re...
CVE-2020-26226
CVE-2020-26226 affects the npm package semantic-release (pre-17.2.3). The vulnerability causes secrets that should be masked to be disclosed when they contain characters that become URI-encoded in a URL. The issue is resolved in version 17.2.3; upgrade to 17.2.3 or newer to mitigate. The CVSS met...