CVE-2021-21421

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions node-etsy-client versions prior to 0.3.0

Description The issue affects applications using node-etsy-client, where client error reports to end users may inadvertently expose API key values.

Recommendations For versions prior to 0.3.0, update to version 0.3.0 or later to resolve the issue. As a temporary workaround for versions prior to 0.3.0, do not report or log Etsy client errors to prevent potential exposure of API key values.

Fix

Information Disclosure

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-209

Related Identifiers

CVE-2021-21421

GHSA-XW22-WV29-3299

Affected Products

Node-Etsy-Client

CVE-2021-21421

Weakness Enumeration

Related Identifiers

Affected Products

References · 5