PT-2019-17701 · Seneca · Seneca

Published

2019-09-09

Updated

2019-10-09

CVE-2019-5483

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Seneca versions prior to 3.9.0

Description The issue could lead to exposing environment variables to unauthorized users. When a process using the package crashes, all environment variables are printed, which may leak sensitive data such as access keys, especially in scenarios where log-monitoring systems store the error output.

Recommendations Upgrade to version 3.9.0 or later.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

CVE-2019-5483

GHSA-2XWV-3CC9-FP7C

Affected Products

Seneca

PT-2019-17701 · Seneca · Seneca

CVE-2019-5483

Weakness Enumeration

Related Identifiers

Affected Products

References · 6