CVE-2021-32770: Insufficiently Protected Credentials

July 15, 2021 (updated October 25, 2022)

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected.

References

nvd.nist.gov/vuln/detail/CVE-2021-32770

Detect and mitigate CVE-2021-32770 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →