Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4YzcteGc2Ny1wdzk5
Sensitive Data Exposure in sequelize-cli
Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL() does not properly sanitize the config.password value, which may cause passwords with special characters to be logged in plain text.
Recommendation
Upgrade to version 5.5.0 or later.
Permalink: https://github.com/advisories/GHSA-3xc7-xg67-pw99
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4YzcteGc2Ny1wdzk5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
CVSS Score: 3.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Identifiers: GHSA-3xc7-xg67-pw99
References:
- https://github.com/sequelize/cli/issues/172
- https://github.com/sequelize/cli/pull/722
- https://github.com/FelixLC/cli/commit/da59652c061a798282e18efad0b6d0afefa15465
- https://snyk.io/vuln/SNYK-JS-SEQUELIZECLI-174320
- https://www.npmjs.com/advisories/825
- https://github.com/advisories/GHSA-3xc7-xg67-pw99
Blast Radius: 16.5
Affected Packages
npm:sequelize-cli
Dependent packages: 531
Dependent repositories: 53,057
Downloads: 2,367,974 last month
Affected Version Ranges: <= 5.4.0
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.9.2, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 3.0.0, 3.1.0, 3.2.0, 4.0.0, 4.1.0, 4.1.1, 5.0.0, 5.0.1, 5.1.0, 5.2.0, 5.3.0, 5.4.0