Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Basic-auth app bundle credential exposure in gatsby-source-wordpress
Vulnerability Description
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the `auth: { }` section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run `gatsby clean` followed by a `gatsby build`. One may manually edit the app.js file post-build as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
gatsby 信息泄露漏洞
Vulnerability Description
gatsby是一个应用软件。一个基于 React 的免费开源框架,可帮助开发人员构建极快的网站和应用程序。 gatsby存在安全漏洞,该漏洞源于 gatsby-source-wordpress 插件在构建时将 .htaccess HTTP 基本身份验证变量泄漏到 app.js 包中。
CVSS Information
N/A
Vulnerability Type
N/A