cachethq/cachet is vulnerable to information leakage. Configuration values of the dotenv file, e.g. the application secret (APP_KEY
) and various passwords (email, database, etc) are exposed in UpdateConfigCommandHandler
due to the use of nested variables in the resulting dotenv configuration file.
CPE | Name | Operator | Version |
---|---|---|---|
cachethq/cachet | eq | 2.4.x-dev | |
cachethq/cachet | eq | 2.4.x-dev |