org.apache.maven.scm:maven-scm-providers-git@2.1.0 vulnerabilities

  • latest version

    2.1.0

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    1 year ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.maven.scm:maven-scm-providers-git package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Information Exposure

    org.apache.maven.scm:maven-scm-providers-git is an SCM Provider implementation for Git.

    Affected versions of this package are vulnerable to Information Exposure due to improper handling of passwords in different components. When a git password contains special characters, a discrepancy in encoding methods between the URI class and URLEncoder.encode can cause the password masking to fail in the JGit provider, so the password is logged in a URI-encoded but otherwise clear format. In another instance, if an ls-remote command fails in the Gitexe provider, an exception is thrown containing the full fetch URL, which includes the URI-encoded password without it being masked.

    How to fix Information Exposure?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: [2.1.0,)