GHSA-3xc7-xg67-pw99 – sequelize-cli
Package
Manager: npm
Name: sequelize-cli
Vulnerable Version: >=0 <=5.4.0
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Sensitive Data Exposure in sequelize-cli

Versions of `sequelize-cli` prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function `filteredURL()` does not properly sanitize the `config.password` value which may cause passwords with special characters to be logged in plain text.

## Recommendation

Upgrade to version 5.5.0 or later.
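
A constructed illustration of the failure mode described above, added here and not taken from sequelize-cli: it assumes the masking is done by building a regular expression from the raw password, which the advisory does not state. The function names (`maskWithRawRegex`, `maskWithEscapedRegex`, `leaksPassword`, `audit`), the sample passwords and the connection URI are all hypothetical.

```javascript
// Added illustration; not sequelize-cli source. All function names are hypothetical.

// Weak pattern (assumed mechanism): the password is spliced into a RegExp
// as-is, so any regex metacharacter in it changes what the pattern matches.
function maskWithRawRegex(uri, password) {
  return uri.replace(new RegExp(':?' + password + '@'), ':*****@');
}

// Hardened: escape metacharacters so the password is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

function maskWithEscapedRegex(uri, password) {
  if (!password) return uri; // nothing to mask
  return uri.replace(new RegExp(':?' + escapeRegExp(password) + '@'), ':*****@');
}

// Regression check: does the line that would be logged still contain the secret?
function leaksPassword(logLine, password) {
  return password.length > 0 && logLine.includes(password);
}

// Constructed sample credentials and host (not from the advisory).
const samples = ['plainpass', 'pa$$word', 's3cr3t+1', 'a.b*c?'];

// Mask each sample URI with maskFn and report whether the secret survived.
function audit(maskFn) {
  return samples.map((password) => {
    const uri = 'postgres://app:' + password + '@db.example.test:5432/shop';
    const logged = maskFn(uri, password);
    return { password, logged, leaked: leaksPassword(logged, password) };
  });
}

console.log(audit(maskWithRawRegex));
console.log(audit(maskWithEscapedRegex));
```

A check like `leaksPassword` also works as a unit test around whatever redaction helper a project uses before writing connection strings to logs.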
Metadata
Created: 2019-06-05T20:43:10Z
Modified: 2021-08-04T20:54:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-3xc7-xg67-pw99/GHSA-3xc7-xg67-pw99.json
CWE IDs: ["CWE-532"]
Alternative ID: N/A
Finding: F068
Auto approve: 1