Security Vulnerability Detected
Dependency: npm
Criticality: MEDIUM (Score: undefined)
Vulnerability Details
Name: CVE-2020-15095
Description:
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
Metadata
{
  "vulnerabilityIdentifiers": ["CVE-2020-15095"],
  "published": "2020-07-07T19:15:10.833",
  "lastModified": "2024-11-21T05:04:47.847",
  "version": "3.1",
  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
  "baseScore": 4.4,
  "baseSeverity": "MEDIUM",
  "attackVector": "LOCAL",
  "attackComplexity": "HIGH",
  "privilegesRequired": "LOW",
  "userInteraction": "REQUIRED",
  "scope": "UNCHANGED",
  "confidentialityImpact": "HIGH",
  "integrityImpact": "NONE",
  "availabilityImpact": "NONE",
  "exploitabilityScore": 0.8,
  "impactScore": 3.6,
  "weaknesses": ["CWE-532", "CWE-532"]
}