Information Disclosure

2019-12-1701:56:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.008 Low

EPSS

Percentile

81.5%

JSON

excon is vulnerable to information disclosure. The vulnerability exists as a race condition, whereby an attacker could cause interrupted persistent connections to leave data on the socket, allowing subsequent requests to read the content.

CPENameOperatorVersion
exconle0.70.0
exconle0.70.0

CPE	Name	Operator	Version
	excon	le	0.70.0
	excon	le	0.70.0

References

lists.opensuse.org/opensuse-security-announce/2020-01/msg00021.html

lists.opensuse.org/opensuse-security-announce/2020-01/msg00062.html

github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29

github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9

lists.debian.org/debian-lts-announce/2020/01/msg00015.html

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for VERACODE:22181