Identifier

CVE-2020-15095

Package Slug

npm/cli

Vulnerability

Inclusion of Sensitive Information in Log Files

Description

npm CLI is vulnerable to an information exposure vulnerability through log files. The password value is not redacted and is printed to stdout and also to any generated log files.

Affected Versions

All versions before 6.14.6

Solution

Upgrade to version 6.14.6 or above.

Last Modified

2020-07-22

source