org.webjars.npm:log4js@2.5.3 vulnerabilities

latest version

6.2.1

first published

9 years ago

latest version published

4 years ago

licenses detected

Apache-2.0
[0.6.25,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:log4js package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure org.webjars.npm:log4js is a Port of Log4js to work with node. Affected versions of this package are vulnerable to Information Exposure via the default file permissions for log files that are created by the `file`, `fileSync` and `dateFile` appenders which are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. How to fix Information Exposure? There is no fixed version for `org.webjars.npm:log4js`.	[0,)

Information Exposure

org.webjars.npm:log4js is a Port of Log4js to work with node.

Affected versions of this package are vulnerable to Information Exposure via the default file permissions for log files that are created by the file, fileSync and dateFile appenders which are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config.

How to fix Information Exposure?

There is no fixed version for org.webjars.npm:log4js.

[0,)

Go back to all versions of this package