Oocx

**Name of the Vulnerable Software and Affected Versions** tfplan2md versions prior to 1.26.1 **Description** tfplan2md is software used to convert Terraform plan JSON files into Markdown reports. Versions of the software prior to 1.26.1 had a flaw where sensitive values that should have been masked as "(sensitive)" were instead rendered in plain text in several rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection. This resulted in potential exposure of sensitive data. **Recommendations** Update to version 1.26.1 or later.