Sensitive Data Exposure in ibm_db

Description

Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode.

Recommendation

Update the ibm_db package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.6.0
• Patched version(s): 2.6.0

References

• GHSA-p77h-hv6g-fmfp
• snyk.io
• www.npmjs.com

Related Issues

• Cross-site Scripting in jquery-ui - CVE-2010-5312
• nuxt Code Injection vulnerability - CVE-2023-3224
• QooxDoo XSS in Callback Parameter - CVE-2011-1714
• Denial of Service in ipfs-bitswap - Vulnerability

Tags:

npm

ibm_db