GHSA-frxm-v7q3-v2wv

Suggest an improvement
Source
https://github.com/advisories/GHSA-frxm-v7q3-v2wv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-frxm-v7q3-v2wv/GHSA-frxm-v7q3-v2wv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-frxm-v7q3-v2wv
Aliases
Published
2024-01-20T00:30:27Z
Modified
2024-01-30T20:26:21.268494Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Details

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

Database specific
{
    "nvd_published_at": "2024-01-19T22:15:08Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-23T14:36:57Z"
}
References

Affected packages

Maven / org.owasp:dependency-check-ant

Package

Name
org.owasp:dependency-check-ant
View open source insights on deps.dev
Purl
pkg:maven/org.owasp/dependency-check-ant

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.0.6

Affected versions

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5

Maven / org.owasp:dependency-check-cli

Package

Name
org.owasp:dependency-check-cli
View open source insights on deps.dev
Purl
pkg:maven/org.owasp/dependency-check-cli

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.0.6

Affected versions

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5

Maven / org.owasp:dependency-check-maven

Package

Name
org.owasp:dependency-check-maven
View open source insights on deps.dev
Purl
pkg:maven/org.owasp/dependency-check-maven

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.0.6

Affected versions

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5