Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| npm(npm) | 0 | 6.14.6 | N/A |
CVSS Metrics
