Advisories for Maven/Org.owasp/Dependency-Check-Ant package

2024
2023

nvdApiKey is logged in debug mode

Summary The value of nvdApiKey configuration parameter is logged in clear text in debug mode. Details The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print ****** Note that while the NVD API Key is an access token for the NVD API - they are not that sensitive. …