Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak)
Vulnerability Description
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could lead to data exfiltration, modification or deletion.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
配置文件中存储口令
Vulnerability Title
eslint-ban-moment 安全漏洞
Vulnerability Description
eslint-ban-moment是Kristófer Fannar Björnsson个人开发者的一个应用程序。 eslint-ban-moment 3.0.0及之前版本存在安全漏洞,该漏洞源于.env文件中暴露敏感Supabase URI,可能导致数据渗漏、修改或删除。
CVSS Information
N/A
Vulnerability Type
N/A