CVEProject · cve-services · CVE-2022-31004
**Name of the Vulnerable Software and Affected Versions**
CVEProject/cve-services versions prior to 1.1.1
CVEProject/cve-services versions 2.x
**Description**
A conditional in `data.js` may write production secrets to disk. Specifically, the method writes a generated `randomKey` to disk whenever the environment is not development, a condition that production also satisfies. If the method is called in production, the plaintext key is written to disk, where it could be exposed.
**Recommendations**
For version 1.1.1, a "hot fix" patch is anticipated, and users should apply this patch once available.
For the 2.x branch, a "hot fix" patch is anticipated, and users should apply this patch once available.
As a temporary workaround, consider restricting the execution of the affected method in production environments to minimize the risk of secrets being written to disk.
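
The conditional described above, next to one way to restrict it, as an added illustration that is not the cve-services source or its patch. The function names, the `development`/`production` environment strings, the key file names and the assumption that the write was meant for development only are all hypothetical.

```javascript
// Added illustration; NOT the cve-services code. All names are assumptions.
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Pattern from the advisory: the key is written whenever the environment is
// NOT development, so production (and an unset environment) both write it.
function seedKeyVulnerable(env, keyFile) {
  const randomKey = crypto.randomBytes(32).toString('hex');
  if (env !== 'development') {
    fs.writeFileSync(keyFile, randomKey);
  }
  return randomKey;
}

// Restricted form (assumption: only development should persist the key).
// Allow-list instead of deny-list, so unknown or unset environments fail closed.
// The file is created owner-only and the call fails if it already exists.
const WRITE_ALLOWED = new Set(['development']);

function seedKeyHardened(env, keyFile) {
  const randomKey = crypto.randomBytes(32).toString('hex');
  if (WRITE_ALLOWED.has(env)) {
    fs.writeFileSync(keyFile, randomKey, { mode: 0o600, flag: 'wx' });
  }
  return randomKey;
}

// Run both forms in a constructed temp directory and report, per environment,
// whether a key file ended up on disk.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'keydemo-'));
  const result = {};
  for (const env of ['development', 'production', undefined]) {
    const label = String(env);
    const vulnFile = path.join(dir, `vuln-${label}.key`);
    const hardFile = path.join(dir, `hard-${label}.key`);
    seedKeyVulnerable(env, vulnFile);
    seedKeyHardened(env, hardFile);
    result[label] = {
      vulnerable: fs.existsSync(vulnFile),
      hardened: fs.existsSync(hardFile),
    };
  }
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}

console.log(demo());
```

The `undefined` case shows why the restriction is written as an allow-list: a deployment that never sets its environment variable still passes a "not development" check.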