GHSA-frxm-v7q3-v2wv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-frxm-v7q3-v2wv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-frxm-v7q3-v2wv/GHSA-frxm-v7q3-v2wv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-frxm-v7q3-v2wv
- Aliases
- Published
- 2024-01-20T00:30:27Z
- Modified
- 2024-02-16T08:15:16.687681Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Insertion of Sensitive Information into Log File in OWASP DependencyCheck
- Details
-
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
- Database specific
{ "nvd_published_at": "2024-01-19T22:15:08Z", "cwe_ids": [ "CWE-532" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-23T14:36:57Z" }- References
Affected packages
Maven / org.owasp:dependency-check-ant
Package
- Name
- org.owasp:dependency-check-ant
- View open source insights on deps.dev
- Purl
- pkg:maven/org.owasp/dependency-check-ant
Maven / org.owasp:dependency-check-cli
Package
- Name
- org.owasp:dependency-check-cli
- View open source insights on deps.dev
- Purl
- pkg:maven/org.owasp/dependency-check-cli
Maven / org.owasp:dependency-check-maven
Package
- Name
- org.owasp:dependency-check-maven
- View open source insights on deps.dev
- Purl
- pkg:maven/org.owasp/dependency-check-maven