log4js is vulnerable to information disclosure. Log files with sensitive user details are vulnerable when users have not supplied their own permissions for the said files via the mode
parameter in the config
allowing attackers to gain access to the sensitive information from log files.
github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
github.com/log4js-node/log4js-node/commit/8042252861a1b65adb66931fdf702ead34fa9b76
github.com/log4js-node/log4js-node/pull/1141
github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76
github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
github.com/log4js-node/streamroller/pull/87
lists.debian.org/debian-lts-announce/2022/12/msg00014.html