CVE-2023-2138: Use of Hard-coded Credentials

April 18, 2023 (updated April 27, 2023)

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2.

References

github.com/advisories/GHSA-fp2w-g92g-fgq4
github.com/nuxtlabs/github-module/commit/5490c43f729eee60f07920bf88c0aabdc1398b6e
github.com/nuxtlabs/github-module/releases/tag/v1.6.2
huntr.dev/bounties/65096ef9-eafc-49da-b49a-5b88c0203ca6
nvd.nist.gov/vuln/detail/CVE-2023-2138

Code Behaviors & Features

Detect and mitigate CVE-2023-2138 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →