Vulnerability	Vulnerable Version
M Information Exposure @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Information Exposure via the `console.log` and `console.debug` functions, which log sensitive response payloads from external services, including bearer tokens, account numbers, and personally identifiable information, to standard output and log files. An attacker can gain unauthorized access to confidential information by obtaining access to these logs in environments where logs are accessible to unauthorized parties, such as shared or managed hosting environments. How to fix Information Exposure? Upgrade `@actual-app/sync-server` to version 25.11.0 or higher.	<25.11.0

Information Exposure

@actual-app/sync-server is an actual syncing server

Affected versions of this package are vulnerable to Information Exposure via the console.log and console.debug functions, which log sensitive response payloads from external services, including bearer tokens, account numbers, and personally identifiable information, to standard output and log files. An attacker can gain unauthorized access to confidential information by obtaining access to these logs in environments where logs are accessible to unauthorized parties, such as shared or managed hosting environments.

How to fix Information Exposure?

Upgrade @actual-app/sync-server to version 25.11.0 or higher.

<25.11.0

Go back to all versions of this package