Homepage
About Snyk

Credential Exposure Affecting ibm_db package, versions <2.6.0

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-IBMDB-459762
  • published 20 Sep 2019
  • disclosed 16 Aug 2019
  • credit bimalkjha
Report a new vulnerability Found a mistake?

Introduced: 16 Aug 2019

CVE NOT AVAILABLE CWE-255 Open this link in a new tab

How to fix?

Upgrade ibm_db to version 2.6.0 or higher.

Overview

ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix.

Affected versions of this package are vulnerable to Credential Exposure. The debug log exposes passwords in plaintext string.

CVSS Scores

version 3.1
Expand this section

Snyk

5 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    None
  • Availability (A)
    None