[MAVEN:GHSA-FRXM-V7Q3-V2WV] Insertion of Sensitive Information into Log File in OWASP DependencyCheck

Severity Moderate
Affected Packages 3
Fixed Packages 3
CVEs 1

DependencyCheck for Maven versions 9.0.0 to 9.0.6, for CLI versions 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

ID: MAVEN:GHSA-FRXM-V7Q3-V2WV
Severity: moderate
URL: https://github.com/advisories/GHSA-frxm-v7q3-v2wv
Published: 2024-01-20T00:30:27 (8 months ago)
Modified: 2024-01-23T14:36:58 (7 months ago)
Rights: Maven Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.owasp/dependency-check-maven | org.owasp | dependency-check-maven | >= 9.0.0 < 9.0.6 | | | |
| Fixed | pkg:maven/org.owasp/dependency-check-maven | org.owasp | dependency-check-maven | = 9.0.6 | | | |
| Affected | pkg:maven/org.owasp/dependency-check-cli | org.owasp | dependency-check-cli | >= 9.0.0 < 9.0.6 | | | |
| Fixed | pkg:maven/org.owasp/dependency-check-cli | org.owasp | dependency-check-cli | = 9.0.6 | | | |
| Affected | pkg:maven/org.owasp/dependency-check-ant | org.owasp | dependency-check-ant | >= 9.0.0 < 9.0.6 | | | |
| Fixed | pkg:maven/org.owasp/dependency-check-ant | org.owasp | dependency-check-ant | = 9.0.6 | | | |