icon

We found results for “

CVE-2020-26226

Good to know:

icon

Date: November 18, 2020

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Improper Encoding or Escaping of Output

CWE-116

Top Fix

icon

Upgrade Version

Upgrade to version 17.2.3

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privilegs Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us