Homepage

easybuild-framework@1.0.1 vulnerabilities

The EasyBuild framework supports the creation of custom easyblocks that implement support for installing particular (groups of) software packages.

  • latest version

    4.9.4

  • latest non vulnerable version

    4.9.4

  • first published

    12 years ago

  • latest version published

    5 months ago

  • licenses detected

  • View easybuild-framework package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the easybuild-framework package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Information Disclosure

    easybuild-framework is a software build and installation framework that allows you to manage (scientific) software on High Performance Computing (HPC) systems in an efficient way.

    Affected versions of this package are vulnerable to Information Disclosure. The GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the easybuild-framework repository.

    How to fix Information Disclosure?

    Upgrade easybuild-framework to version 4.1.2 or higher.

    [,4.1.2)
    Go back to all versions of this package