Npm · Semantic-Release · CVE-2022-31051
**Name of the Vulnerable Software and Affected Versions**
semantic-release versions prior to 19.0.3
**Description**
The issue concerns the accidental disclosure of secrets in semantic-release, an open source npm package for automated version management and package publishing. Secrets that would normally be masked by semantic-release can be disclosed if they contain characters that `encodeURI` excludes from URI encoding. Exposure is limited to execution contexts where push access to the related repository requires modifying the repository URL to inject credentials.
**Recommendations**
For versions prior to 19.0.3, upgrade to version 19.0.3 to resolve the issue.
As a temporary workaround for users unable to upgrade: secrets that do not contain characters excluded from encoding by `encodeURI` are already masked properly when included in a URL, so ensure the secrets in use contain no such characters.
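
The check below is an added example, not code from semantic-release or from this advisory. It models a masker that hides a secret's raw and `encodeURI` forms and flags secrets the workaround does not cover, assuming a credential injected into a repository URL is percent-encoded the way `encodeURIComponent` would encode it; the function names, the `[secure]` placeholder and the `example.invalid` URL are constructed for illustration.

```javascript
// Reserved characters that encodeURI leaves as-is but encodeURIComponent escapes.
const URI_RESERVED = ";/?:@&=+$,#";

// Characters in a secret that fall outside the workaround (empty result = covered).
function unencodedReservedChars(secret) {
  return [...new Set(secret)].filter((ch) => URI_RESERVED.includes(ch));
}

// Simplified model of a masker that knows only the raw and encodeURI forms
// of each secret (an assumption for illustration, not the project's source).
function maskWithEncodeURI(text, secrets) {
  let out = text;
  for (const secret of secrets) {
    if (!secret) continue; // an empty value would match everywhere
    for (const form of new Set([secret, encodeURI(secret)])) {
      out = out.split(form).join("[secure]");
    }
  }
  return out;
}

// True when the secret survives masking after being embedded in a URL.
// Assumption: the credential is percent-encoded like encodeURIComponent.
function leaksWhenEmbedded(secret) {
  const embedded = encodeURIComponent(secret);
  const logLine = `pushing to https://ci-bot:${embedded}@example.invalid/org/repo.git`;
  return maskWithEncodeURI(logLine, [secret]).includes(embedded);
}

// Audit a map of { name: value } and list the names that need rotation or an upgrade.
function auditSecrets(env) {
  return Object.entries(env)
    .filter(([, value]) => value && unencodedReservedChars(value).length > 0)
    .map(([name]) => name);
}

// Constructed sample values, not real credentials.
const sample = { GIT_TOKEN: "tok@en/1", NPM_TOKEN: "plainToken123", OTHER: "abc 123" };
console.log("not covered by the workaround:", auditSecrets(sample));
for (const [name, value] of Object.entries(sample)) {
  console.log(name, "leaks when embedded in URL:", leaksWhenEmbedded(value));
}
```

Running `auditSecrets` over the CI environment's secret values before a release shows which ones to rotate to a value without reserved characters when upgrading to 19.0.3 is not yet possible.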