Security Advisory

CVE-2020-15095

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-07 18:55:12

Last updated 2024-08-04 13:08:21

Assigner GitHub_M

State PUBLISHED

Description

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

← Browse all CVEs View on cve.org ↗