Lucene search

K

Veracode Vulnerability DatabaseVERACODE:33801

HistoryJan 21, 2022 - 6:45 a.m.

Information Disclosure

2022-01-2106:45:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

log4js

vulnerability

information disclosure

sensitive user details

permissions

config

attackers

gain access

EPSS

0.001

Percentile

17.3%

log4js is vulnerable to information disclosure. Log files with sensitive user details are vulnerable when users have not supplied their own permissions for the said files via the mode parameter in the config allowing attackers to gain access to the sensitive information from log files.

References

github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640

github.com/log4js-node/log4js-node/commit/8042252861a1b65adb66931fdf702ead34fa9b76

github.com/log4js-node/log4js-node/pull/1141

github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76

github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q

github.com/log4js-node/streamroller/pull/87

lists.debian.org/debian-lts-announce/2022/12/msg00014.html

EPSS

0.001

Percentile

17.3%

Related for VERACODE:33801

osv3 nessus1 ibm6 prion1 openvas1 debian1 ubuntucve1 nvd1 github1 cvelist1 debiancve1 cve1