CVE-2020-26226: Improper Encoding or Escaping of Output

November 18, 2020 (updated December 3, 2020)

In the npm package semantic-release, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed

References

nvd.nist.gov/vuln/detail/CVE-2020-26226

Detect and mitigate CVE-2020-26226 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →