GHSA-879p-8gw4-mcpw

Source
https://github.com/advisories/GHSA-879p-8gw4-mcpw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-879p-8gw4-mcpw/GHSA-879p-8gw4-mcpw.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-879p-8gw4-mcpw
Published
2024-03-15T19:01:10Z
Modified
2024-12-04T05:40:18.113301Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
fgr Vulnerable to Insecure Default Variable Initialization
Details

Impact

Any users who would not want a traceback to be included in their logs whenever an error is raised in their code will be affected.

If users have inadvertently created a scenario in their code that could cause a traceback to include sensitive information, and a malicious entity gained access to their log stream, this could create an issue.

Patches

None yet... users will need to upgrade to 0.4.*

Workarounds

No particularly reasonable ones at present.

References

  • https://cwe.mitre.org/data/definitions/453.html
  • https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/stack-trace-disclosure-python/
Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-453"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-15T19:01:10Z"
}
Affected packages

PyPI / fgr

Package: fgr (PyPI)

Affected ranges:
  Type: ECOSYSTEM
  Events:
    Introduced: 0 (unknown introduced version; all previous versions are affected)
    Last affected: 0.3.2

Affected versions

0.*

0.1.4
0.1.5
0.1.6
0.1.7rc1
0.1.7
0.2.0rc1
0.2.0
0.2.1
0.3.0rc1
0.3.0rc2
0.3.0
0.3.1
0.3.2rc1
0.3.2rc2
0.3.2