NodeJS/seneca/3.4.3
A Microservices Framework for Node.js
https://www.npmjs.com/package/seneca
MIT
2 Security Vulnerabilities
Sensitive Data Exposure in seneca
Published date: 2019-09-11T23:07:57Z
CVE: CVE-2019-5483
Versions of seneca prior to 3.9.0 are vulnerable to Sensitive Data Exposure. When a process using the package crashes, all environment variables are printed. This may leak sensitive data such as access keys, especially when log-monitoring systems store the error output.
Recommendation
Upgrade to version 3.9.0 or later.
Affected versions:
["0.0.1", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.5.8", "0.5.9", "0.5.10", "0.5.11", "0.5.12", "0.5.13", "0.5.14", "0.5.15", "0.5.16", "0.5.17", "0.5.18", "0.5.19", "0.5.20", "0.5.21", "0.6.0", "0.6.0-rc2", "0.6.1-rc0", "0.6.1-rc1", "0.6.1-rc2", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.7.1", "0.7.2", "0.8.0", "0.9.0", "0.9.1", "0.9.2", "0.9.3", "1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "2.0.0", "2.0.1", "2.1.0", "3.0.0", "3.1.0", "3.2.0", "3.2.1", "3.2.2", "3.3.0", "3.4.0-rc0", "3.4.0", "3.4.1", "3.4.2", "3.4.3", "3.5.0", "3.6.0", "3.7.0", "3.8.0-rc3", "3.8.0", "3.8.1", "3.8.2", "3.8.3", "3.8.4"]
Secure versions:
[3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.14.0, 3.14.1, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.16.0, 3.16.1, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.21.0, 3.21.1, 3.21.2, 3.22.0, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.24.0, 3.24.1, 3.25.0, 3.26.0, 3.26.1, 3.26.2, 3.27.0, 3.27.1, 3.27.2, 3.28.0, 3.28.2, 3.29.0, 3.30.0, 3.30.1, 3.31.0, 3.31.1, 3.31.2, 3.32.0, 3.32.1, 3.33.0, 3.34.0, 3.34.1, 3.35.2, 3.35.3, 3.36.0, 4.0.0-rc.2, 4.0.0-rc2, 3.37.0, 3.37.1, 4.0.0-rc3, 3.37.2, 4.0.0-rc4]
Recommendation:
Update to version 3.37.2.
Information Exposure Through an Error Message
Published date: 2019-09-03
CVEs: ["CVE-2019-5483"]
CVSS Score: 3.3
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Environment variable leakage in error reporting.
Affected versions:
["0.0.1", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.5.8", "0.5.9", "0.5.10", "0.5.11", "0.5.12", "0.5.13", "0.5.14", "0.5.15", "0.5.16", "0.5.17", "0.5.18", "0.5.19", "0.5.20", "0.5.21", "0.6.0", "0.6.0-rc2", "0.6.1-rc0", "0.6.1-rc1", "0.6.1-rc2", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.7.1", "0.7.2", "0.8.0", "0.9.0", "0.9.1", "0.9.2", "0.9.3", "1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "2.0.0", "2.0.1", "2.1.0", "3.0.0", "3.1.0", "3.2.0", "3.2.1", "3.2.2", "3.3.0", "3.4.0-rc0", "3.4.0", "3.4.1", "3.4.2", "3.4.3", "3.5.0", "3.6.0", "3.7.0", "3.8.0-rc3", "3.8.0", "3.8.1", "3.8.2", "3.8.3", "3.8.4"]
Secure versions:
[3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.14.0, 3.14.1, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.16.0, 3.16.1, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.21.0, 3.21.1, 3.21.2, 3.22.0, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.24.0, 3.24.1, 3.25.0, 3.26.0, 3.26.1, 3.26.2, 3.27.0, 3.27.1, 3.27.2, 3.28.0, 3.28.2, 3.29.0, 3.30.0, 3.30.1, 3.31.0, 3.31.1, 3.31.2, 3.32.0, 3.32.1, 3.33.0, 3.34.0, 3.34.1, 3.35.2, 3.35.3, 3.36.0, 4.0.0-rc.2, 4.0.0-rc2, 3.37.0, 3.37.1, 4.0.0-rc3, 3.37.2, 4.0.0-rc4]
Recommendation:
Update the seneca module to version >=3.9.0.
140 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
0.7.2 | MIT | 2 | 2015-10-27 - 09:43 | about 9 years |
0.7.1 | MIT | 2 | 2015-10-05 - 01:12 | about 9 years |
0.7.0 | MIT | 2 | 2015-10-04 - 12:46 | about 9 years |
0.6.5 | MIT | 2 | 2015-09-04 - 17:46 | about 9 years |
0.6.4 | MIT | 2 | 2015-07-29 - 14:23 | over 9 years |
0.6.3 | MIT | 2 | 2015-07-12 - 17:10 | over 9 years |
0.6.2 | MIT | 2 | 2015-06-22 - 00:31 | over 9 years |
0.6.1 | MIT | 2 | 2015-02-04 - 17:58 | almost 10 years |
0.6.1-rc2 | MIT | 2 | 2015-02-02 - 12:43 | almost 10 years |
0.6.1-rc1 | MIT | 2 | 2015-01-30 - 13:19 | almost 10 years |
0.6.1-rc0 | MIT | 2 | 2015-01-29 - 19:01 | almost 10 years |
0.6.0 | MIT | 2 | 2015-01-26 - 16:50 | almost 10 years |
0.6.0-rc2 | MIT | 2 | 2015-01-29 - 13:47 | almost 10 years |
0.5.21 | MIT | 2 | 2014-10-07 - 23:26 | about 10 years |
0.5.20 | MIT | 2 | 2014-09-07 - 11:23 | about 10 years |
0.5.19 | MIT | 2 | 2014-07-13 - 07:40 | over 10 years |
0.5.18 | MIT | 2 | 2014-07-09 - 16:07 | over 10 years |
0.5.17 | MIT | 2 | 2014-04-10 - 13:58 | over 10 years |
0.5.16 | MIT | 2 | 2014-04-09 - 12:35 | over 10 years |
0.5.15 | MIT | 2 | 2014-01-28 - 06:26 | almost 11 years |
0.5.14 | MIT | 2 | 2013-10-30 - 11:42 | about 11 years |
0.5.13 | MIT | 2 | 2013-10-01 - 15:51 | about 11 years |
0.5.12 | MIT | 2 | 2013-09-19 - 22:44 | about 11 years |
0.5.11 | MIT | 2 | 2013-08-29 - 18:39 | about 11 years |
0.5.10 | MIT | 2 | 2013-08-18 - 23:41 | about 11 years |
0.5.9 | MIT | 2 | 2013-07-09 - 00:17 | over 11 years |
0.5.8 | MIT | 2 | 2013-05-29 - 19:04 | over 11 years |
0.5.7 | MIT | 2 | 2013-05-22 - 13:47 | over 11 years |
0.5.6 | MIT | 2 | 2013-04-29 - 18:39 | over 11 years |
0.5.5 | MIT | 2 | 2013-03-27 - 17:08 | over 11 years |
0.5.4 | MIT | 2 | 2013-03-26 - 10:42 | over 11 years |
0.5.3 | MIT | 2 | 2013-03-22 - 00:34 | over 11 years |
0.5.2 | MIT | 2 | 2013-02-25 - 14:51 | over 11 years |
0.5.1 | MIT | 2 | 2013-02-25 - 06:07 | over 11 years |
0.5.0 | MIT | 2 | 2013-02-21 - 11:48 | over 11 years |
0.4.4 | MIT | 2 | 2012-12-18 - 11:57 | almost 12 years |
0.4.3 | MIT | 2 | 2012-12-17 - 19:51 | almost 12 years |
0.4.2 | MIT | 2 | 2012-11-22 - 18:59 | almost 12 years |
0.4.1 | MIT | 2 | 2012-10-12 - 14:24 | about 12 years |
0.0.1 | MIT | 2 | 2012-08-16 - 08:11 | about 12 years |