Description
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2020-1950 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2020-26149 Vulnerability in npm package nats.ws
CVE-2022-33987 Vulnerability in maven package org.webjars.npm:got
CVE-2021-21428 Vulnerability in maven package org.openapitools:openapi-generator-online
CVE-2023-38889 Vulnerability in maven package org.alluxio:alluxio-core