CVE-2024-52582

Name of the Vulnerable Software and Affected Versions Cachi2 versions prior to 0.14.0

Description Cachi2 is a command-line interface tool used to pre-fetch a project's dependencies, aiding in making the project's build process network-isolated. The issue arises when an unhandled exception is triggered, potentially showing secrets in logs because the tool logs locals of each function. This could uncover secrets, particularly if the tool is used in CI/build pipelines, which is its main use case.

Recommendations For versions prior to 0.14.0, update to version 0.14.0 to resolve the issue. At the moment, there is no information about other workarounds for this issue.