Look up vulnerable packages by Package URL.

purl pkg:npm/%40mittwald/kubernetes@3.2.0
type npm
namespace @mittwald
name kubernetes
version 3.2.0
qualifiers
subpath
is_vulnerable true
next_non_vulnerable_version 3.5.0
latest_non_vulnerable_version 3.5.0
Affected_by_vulnerabilities
0
url VCID-yepv-hau1-nug2
vulnerability_id VCID-yepv-hau1-nug2
summary
@mittwald/kubernetes's secret contents leaked via debug logging
### Impact

When debug logging is enabled (via `DEBUG` environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from `Secret` resources.

When running in a Kubernetes cluster, this might expose sensitive information to users who are _not_ authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere).

### Patches
Upgrade to 3.5.0 or newer.

### Workarounds
Disable debug logging entirely, or exclude the `kubernetes:client` debug item (for example, using `DEBUG=*,-kubernetes:client`).

### References

- https://cwe.mitre.org/data/definitions/532.html
references
0
reference_url https://github.com/mittwald/node-kubernetes
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mittwald/node-kubernetes
1
reference_url https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd
2
reference_url https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0
3
reference_url https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j
4
reference_url https://github.com/advisories/GHSA-g35x-j6jj-8g7j
reference_id GHSA-g35x-j6jj-8g7j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g35x-j6jj-8g7j
fixed_packages
0
url pkg:npm/%40mittwald/kubernetes@3.5.0
purl pkg:npm/%40mittwald/kubernetes@3.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540mittwald/kubernetes@3.5.0
aliases GHSA-g35x-j6jj-8g7j, GMS-2023-1356
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yepv-hau1-nug2
fixing_vulnerabilities
risk_score 3.1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540mittwald/kubernetes@3.2.0