CVE-2020-26226

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-26226
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26226.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-26226
Aliases
Related
Published
2020-11-18T22:15:12.197Z
Modified
2026-02-05T06:24:41.023069Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.

References

Affected packages

Git / github.com/semantic-release/semantic-release

Affected ranges

Type
GIT
Repo
https://github.com/semantic-release/semantic-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ca90b34c4a9333438cc4d69faeb43362bb991e5a

Affected versions

8.*
8.0.1
v10.*
v10.0.0
v10.0.1
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.1.0
v11.2.0
v12.*
v12.0.0
v12.1.0
v12.1.1
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v12.2.4
v12.2.5
v12.3.0
v12.4.0
v12.4.1
v13.*
v13.0.0
v13.0.1
v13.0.2
v13.1.0
v13.1.1
v13.1.2
v13.1.3
v13.1.4
v13.1.5
v13.2.0
v13.3.0
v13.3.1
v13.4.0
v13.4.1
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.0.3
v14.0.4
v15.*
v15.0.0
v15.0.1
v15.0.2
v15.0.3
v15.0.4
v15.1.0
v15.1.1
v15.1.10
v15.1.11
v15.1.2
v15.1.3
v15.1.4
v15.1.5
v15.1.6
v15.1.7
v15.1.8
v15.1.9
v15.10.0
v15.10.1
v15.10.2
v15.10.3
v15.10.4
v15.10.5
v15.10.6
v15.10.7
v15.10.8
v15.11.0
v15.12.0
v15.12.1
v15.12.2
v15.12.3
v15.12.4
v15.12.5
v15.13.0
v15.13.1
v15.13.10
v15.13.11
v15.13.12
v15.13.13
v15.13.14
v15.13.15
v15.13.16
v15.13.17
v15.13.18
v15.13.19
v15.13.2
v15.13.20
v15.13.21
v15.13.22
v15.13.23
v15.13.24
v15.13.25
v15.13.26
v15.13.27
v15.13.28
v15.13.29
v15.13.3
v15.13.30
v15.13.31
v15.13.32
v15.13.4
v15.13.5
v15.13.6
v15.13.7
v15.13.8
v15.13.9
v15.14.0
v15.2.0
v15.3.0
v15.3.1
v15.3.2
v15.4.0
v15.4.1
v15.4.2
v15.4.3
v15.4.4
v15.5.0
v15.5.1
v15.5.2
v15.5.3
v15.5.4
v15.5.5
v15.6.0
v15.6.1
v15.6.2
v15.6.3
v15.6.4
v15.6.5
v15.6.6
v15.7.0
v15.7.1
v15.7.2
v15.8.0
v15.8.1
v15.9.0
v15.9.1
v15.9.10
v15.9.11
v15.9.12
v15.9.13
v15.9.14
v15.9.15
v15.9.16
v15.9.17
v15.9.2
v15.9.3
v15.9.4
v15.9.5
v15.9.6
v15.9.7
v15.9.8
v15.9.9
v16.*
v16.0.0
v16.0.0-beta.1
v16.0.0-beta.10
v16.0.0-beta.11
v16.0.0-beta.12
v16.0.0-beta.13
v16.0.0-beta.14
v16.0.0-beta.15
v16.0.0-beta.16
v16.0.0-beta.17
v16.0.0-beta.18
v16.0.0-beta.19
v16.0.0-beta.2
v16.0.0-beta.20
v16.0.0-beta.21
v16.0.0-beta.22
v16.0.0-beta.23
v16.0.0-beta.24
v16.0.0-beta.25
v16.0.0-beta.26
v16.0.0-beta.27
v16.0.0-beta.28
v16.0.0-beta.29
v16.0.0-beta.3
v16.0.0-beta.30
v16.0.0-beta.31
v16.0.0-beta.32
v16.0.0-beta.33
v16.0.0-beta.34
v16.0.0-beta.35
v16.0.0-beta.36
v16.0.0-beta.37
v16.0.0-beta.38
v16.0.0-beta.39
v16.0.0-beta.4
v16.0.0-beta.40
v16.0.0-beta.41
v16.0.0-beta.42
v16.0.0-beta.43
v16.0.0-beta.44
v16.0.0-beta.45
v16.0.0-beta.46
v16.0.0-beta.47
v16.0.0-beta.5
v16.0.0-beta.6
v16.0.0-beta.7
v16.0.0-beta.8
v16.0.0-beta.9
v16.0.1
v16.0.2
v16.0.3
v16.0.4
v17.*
v17.0.0
v17.0.1
v17.0.2
v17.0.3
v17.0.4
v17.0.5
v17.0.6
v17.0.7
v17.0.8
v17.1.0
v17.1.1
v17.1.2
v17.2.0
v17.2.1
v17.2.2
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.2.0
v4.2.1
v5.*
v5.0.0
v5.0.1
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.1.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v7.*
v7.0.0
v7.0.1
v7.0.2
v8.*
v8.0.0
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.1.1
v8.1.2
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.1.0
v9.1.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26226.json"