CVE-2020-15095: Inclusion of Sensitive Information in Log Files
The npm CLI is vulnerable to information exposure through log files: the password value is not redacted and is printed to stdout and also to any generated log files.
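A defensive check for the exposure described above, as an added example that is not part of the advisory or npm's own code: it scans log text for exposed passwords and produces a redacted copy. It assumes the password sits in the userinfo part of a URL (`protocol://user:password@host`); the function names and the sample log lines are constructed for illustration.

```javascript
'use strict';

// Assumption: the leaked password is embedded in a URL as
// scheme://user:password@host. Group 1 = scheme, 2 = user, 3 = password.
const URL_CRED = /\b([a-z][a-z0-9+.-]*:\/\/)([^\s\/:@]+):([^\s\/@]+)@/gi;

// Replace the password of every credentialed URL found in one line.
function redactLine(line) {
  return line.replace(URL_CRED, '$1$2:***@');
}

// Scan log text. Returns the 1-based numbers of lines that exposed a
// password, plus a redacted copy that is safe to store or share.
function scanLog(text) {
  const hits = [];
  const redacted = text
    .split('\n')
    .map((line, i) => {
      const clean = redactLine(line);
      if (clean !== line) hits.push(i + 1);
      return clean;
    })
    .join('\n');
  return { hits, redacted };
}

// Constructed sample shaped like an npm debug log; not real npm output.
const SAMPLE_LOG = [
  '0 info it worked if it ends with ok',
  '1 verbose cli [ "node", "npm", "install", "https://builder:s3cr3t@registry.example.test/pkg.tgz" ]',
  '2 silly fetch error for pkg@git+https://ci:t0k:en@git.example.test/org/pkg.git',
  '3 http fetch GET 200 https://registry.example.test/pkg 12ms',
].join('\n');

const report = scanLog(SAMPLE_LOG);
console.log('lines with exposed passwords:', report.hits.join(', '));
console.log(report.redacted);
```

Any line the scan flags means the password has already been written to disk or to CI output, so the credential should be rotated in addition to cleaning the log.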