CVE-2024-38516: Aimeos HTML client may potentially reveal sensitive information in error log

June 25, 2024

Debug information can reveal sensitive information from environment variables in error log

References

github.com/advisories/GHSA-ppm5-jv84-2xg2
github.com/aimeos/ai-client-html
github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132
github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2
nvd.nist.gov/vuln/detail/CVE-2024-38516

Detect and mitigate CVE-2024-38516 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →