Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:25843
HistoryJul 09, 2020 - 4:14 a.m.

Information Disclosure

2020-07-0904:14:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
npm
vulnerability
information disclosure
url handling
usernames
passwords
log files

EPSS

0.001

Percentile

17.2%

npm is vulnerable to information disclosure. The URL in the format ://[[:]@][:][:][/] is supported and the password is not redacted when printed to stdout or log files. This allows a user with access to the system to retrieve the usernames and passwords.