GHSA-879p-8gw4-mcpw: fgr Vulnerable to Insecure Default Variable Initialization

March 15, 2024

Impact

Any users whom would not desire a traceback to be included in their logs whenever an error is raised in their code will be affected.

If users have inadvertently created a scenario in their code that could cause a traceback to include sensitive information and a malicious entity gained access to their log stream, this could create an issue.

Patches

None yet… users will need to upgrade to 0.4.*

Workarounds

No particularly reasonable ones at present.

References

https://cwe.mitre.org/data/definitions/453.html
https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/stack-trace-disclosure-python/

References

github.com/advisories/GHSA-879p-8gw4-mcpw
github.com/dan1hc/fgr
github.com/dan1hc/fgr/security/advisories/GHSA-879p-8gw4-mcpw

Detect and mitigate GHSA-879p-8gw4-mcpw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →