This Particular example demonstrates how you can sync paid/captured order status updates from Moltin to trigger emailing generated label from Shippo via Webhook API.
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.
CVE-2020-15095 - Medium Severity Vulnerability
a package manager for JavaScript
Library home page: https://registry.npmjs.org/npm/-/npm-6.9.0.tgz
Path to dependency file: sync-moltin-to-shippo/package.json
Path to vulnerable library: sync-moltin-to-shippo/node_modules/npm/package.json
Dependency Hierarchy: - semantic-release-15.13.15.tgz (Root Library) - npm-5.1.7.tgz - :x: **npm-6.9.0.tgz** (Vulnerable Library)
Found in HEAD commit: 8e97c47fbfdda4427f8e99c4173a1d1f5e7e4afb
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.
Publish Date: 2020-07-07
URL: CVE-2020-15095
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
Release Date: 2020-07-07
Fix Resolution: npm - 6.14.6
Step up your Open Source Security Game with WhiteSource here