easybuild-framework is a software build and installation framework that allows you to manage (scientific) software on High Performance Computing (HPC) systems in an efficient way.
Affected versions of this package are vulnerable to Information Disclosure.
The GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like
--from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the
develop branches of the
easybuild-framework to version 4.1.2 or higher.