NodeJS/seneca/3.4.3


A Microservices Framework for Node.js

https://www.npmjs.com/package/seneca
MIT

2 Security Vulnerabilities

Sensitive Data Exposure in seneca

Published date: 2019-09-11T23:07:57Z
CVE: CVE-2019-5483
Links:

Versions of seneca prior to 3.9.0 are vulnerable to Sensitive Data Exposure. When a process using the package crashes all environment variables are printed. This may leak sensitive data such as access keys, especially given scenarios when log-monitoring systems store the error output.

Recommendation

Upgrade to version 3.9.0 or later.

Affected versions: ["0.0.1", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.5.8", "0.5.9", "0.5.10", "0.5.11", "0.5.12", "0.5.13", "0.5.14", "0.5.15", "0.5.16", "0.5.17", "0.5.18", "0.5.19", "0.5.20", "0.5.21", "0.6.0", "0.6.0-rc2", "0.6.1-rc0", "0.6.1-rc1", "0.6.1-rc2", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.7.1", "0.7.2", "0.8.0", "0.9.0", "0.9.1", "0.9.2", "0.9.3", "1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "2.0.0", "2.0.1", "2.1.0", "3.0.0", "3.1.0", "3.2.0", "3.2.1", "3.2.2", "3.3.0", "3.4.0-rc0", "3.4.0", "3.4.1", "3.4.2", "3.4.3", "3.5.0", "3.6.0", "3.7.0", "3.8.0-rc3", "3.8.0", "3.8.1", "3.8.2", "3.8.3", "3.8.4"]
Secure versions: [3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.14.0, 3.14.1, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.16.0, 3.16.1, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.21.0, 3.21.1, 3.21.2, 3.22.0, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.24.0, 3.24.1, 3.25.0, 3.26.0, 3.26.1, 3.26.2, 3.27.0, 3.27.1, 3.27.2, 3.28.0, 3.28.2, 3.29.0, 3.30.0, 3.30.1, 3.31.0, 3.31.1, 3.31.2, 3.32.0, 3.32.1, 3.33.0, 3.34.0, 3.34.1, 3.35.2, 3.35.3, 3.36.0, 4.0.0-rc.2, 4.0.0-rc2, 3.37.0, 3.37.1, 4.0.0-rc3, 3.37.2, 4.0.0-rc4]
Recommendation: Update to version 3.37.2.

Information Exposure Through an Error Message

Published date: 2019-09-03
CVEs: ["CVE-2019-5483"]
CVSS Score: 3.3
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:

environment variable leakage in error reporting

Affected versions: ["0.0.1", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.5.8", "0.5.9", "0.5.10", "0.5.11", "0.5.12", "0.5.13", "0.5.14", "0.5.15", "0.5.16", "0.5.17", "0.5.18", "0.5.19", "0.5.20", "0.5.21", "0.6.0", "0.6.0-rc2", "0.6.1-rc0", "0.6.1-rc1", "0.6.1-rc2", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.7.1", "0.7.2", "0.8.0", "0.9.0", "0.9.1", "0.9.2", "0.9.3", "1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "2.0.0", "2.0.1", "2.1.0", "3.0.0", "3.1.0", "3.2.0", "3.2.1", "3.2.2", "3.3.0", "3.4.0-rc0", "3.4.0", "3.4.1", "3.4.2", "3.4.3", "3.5.0", "3.6.0", "3.7.0", "3.8.0-rc3", "3.8.0", "3.8.1", "3.8.2", "3.8.3", "3.8.4"]
Secure versions: [3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.14.0, 3.14.1, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.16.0, 3.16.1, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.21.0, 3.21.1, 3.21.2, 3.22.0, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.24.0, 3.24.1, 3.25.0, 3.26.0, 3.26.1, 3.26.2, 3.27.0, 3.27.1, 3.27.2, 3.28.0, 3.28.2, 3.29.0, 3.30.0, 3.30.1, 3.31.0, 3.31.1, 3.31.2, 3.32.0, 3.32.1, 3.33.0, 3.34.0, 3.34.1, 3.35.2, 3.35.3, 3.36.0, 4.0.0-rc.2, 4.0.0-rc2, 3.37.0, 3.37.1, 4.0.0-rc3, 3.37.2, 4.0.0-rc4]
Recommendation: Update seneca module to version >=3.9.0

140 Other Versions

Version License Security Released
0.7.2 MIT 2 2015-10-27 - 09:43 about 9 years
0.7.1 MIT 2 2015-10-05 - 01:12 about 9 years
0.7.0 MIT 2 2015-10-04 - 12:46 about 9 years
0.6.5 MIT 2 2015-09-04 - 17:46 about 9 years
0.6.4 MIT 2 2015-07-29 - 14:23 over 9 years
0.6.3 MIT 2 2015-07-12 - 17:10 over 9 years
0.6.2 MIT 2 2015-06-22 - 00:31 over 9 years
0.6.1 MIT 2 2015-02-04 - 17:58 almost 10 years
0.6.1-rc2 MIT 2 2015-02-02 - 12:43 almost 10 years
0.6.1-rc1 MIT 2 2015-01-30 - 13:19 almost 10 years
0.6.1-rc0 MIT 2 2015-01-29 - 19:01 almost 10 years
0.6.0 MIT 2 2015-01-26 - 16:50 almost 10 years
0.6.0-rc2 MIT 2 2015-01-29 - 13:47 almost 10 years
0.5.21 MIT 2 2014-10-07 - 23:26 about 10 years
0.5.20 MIT 2 2014-09-07 - 11:23 about 10 years
0.5.19 MIT 2 2014-07-13 - 07:40 over 10 years
0.5.18 MIT 2 2014-07-09 - 16:07 over 10 years
0.5.17 MIT 2 2014-04-10 - 13:58 over 10 years
0.5.16 MIT 2 2014-04-09 - 12:35 over 10 years
0.5.15 MIT 2 2014-01-28 - 06:26 almost 11 years
0.5.14 MIT 2 2013-10-30 - 11:42 about 11 years
0.5.13 MIT 2 2013-10-01 - 15:51 about 11 years
0.5.12 MIT 2 2013-09-19 - 22:44 about 11 years
0.5.11 MIT 2 2013-08-29 - 18:39 about 11 years
0.5.10 MIT 2 2013-08-18 - 23:41 about 11 years
0.5.9 MIT 2 2013-07-09 - 00:17 over 11 years
0.5.8 MIT 2 2013-05-29 - 19:04 over 11 years
0.5.7 MIT 2 2013-05-22 - 13:47 over 11 years
0.5.6 MIT 2 2013-04-29 - 18:39 over 11 years
0.5.5 MIT 2 2013-03-27 - 17:08 over 11 years
0.5.4 MIT 2 2013-03-26 - 10:42 over 11 years
0.5.3 MIT 2 2013-03-22 - 00:34 over 11 years
0.5.2 MIT 2 2013-02-25 - 14:51 over 11 years
0.5.1 MIT 2 2013-02-25 - 06:07 over 11 years
0.5.0 MIT 2 2013-02-21 - 11:48 over 11 years
0.4.4 MIT 2 2012-12-18 - 11:57 almost 12 years
0.4.3 MIT 2 2012-12-17 - 19:51 almost 12 years
0.4.2 MIT 2 2012-11-22 - 18:59 almost 12 years
0.4.1 MIT 2 2012-10-12 - 14:24 about 12 years
0.0.1 MIT 2 2012-08-16 - 08:11 about 12 years