Homepage
About Snyk

easybuild-framework@1.7.0 vulnerabilities

The EasyBuild framework supports the creation of custom easyblocks that implement support for installing particular (groups of) software packages.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the easybuild-framework package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Information Disclosure

easybuild-framework is a software build and installation framework that allows you to manage (scientific) software on High Performance Computing (HPC) systems in an efficient way.

Affected versions of this package are vulnerable to Information Disclosure. The GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the easybuild-framework repository.

How to fix Information Disclosure?

Upgrade easybuild-framework to version 4.1.2 or higher.

[,4.1.2)
Go back to all versions of this package