Sensitive Data Exposure in ibm_db

Severity:: Medium

Description

Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode.

Recommendation

Update the ibm_db package to the latest compatible version. Followings are version details:

Affected version(s): < 2.6.0
Patched version(s): 2.6.0

References

GHSA-p77h-hv6g-fmfp
snyk.io
www.npmjs.com

Related Issues

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration - CVE-2025-53092
Sensitive Data Exposure in parse-server - CVE-2019-1020013
Sensitive Data Exposure in seneca - CVE-2019-5483
Sensitive data exposure in NATS (GHSA-82rf-q3pr-4f6p) - CVE-2020-26149

Tags:: npm; ibm_db

Anything's wrong? Let us know Last updated on January 09, 2023