Information Exposure

Affecting brunch package, versions <1.7.7 >=1.7.0

Overview

brunch is a fast front-end web app build tool.

Affected versions of the package expose confidential information, such as the absolute paths to plugins, rather than the relative paths to them.

Remediation

Upgrade brunch to version 1.7.7 or higher.
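
To check a project against the affected range stated above (>=1.7.0 <1.7.7), the following added example (not part of the advisory or of brunch itself) walks a dependency tree in the shape produced by `npm ls --json` and lists every brunch copy that still needs the upgrade. The sample tree and the package names `legacy-tooling` and `old-scaffold` are constructed for illustration.

```javascript
// Added example: locate brunch versions inside the advisory's affected range
// (>=1.7.0 <1.7.7) in a dependency tree shaped like `npm ls --json` output.

// Parse "x.y.z[-prerelease]"; returns null when the string is not a version.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { core: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return false; // missing or malformed version: nothing to compare
  const low = compareCore(p.core, [1, 7, 0]);
  const high = compareCore(p.core, [1, 7, 7]);
  // A prerelease sorts before its release: 1.7.0-rc1 is below the range,
  // while 1.7.7-rc1 is still below the fixed 1.7.7 and therefore affected.
  if (low < 0 || (low === 0 && p.pre)) return false;
  return high < 0 || (high === 0 && p.pre);
}

// Recursively collect affected brunch installs with the path that pulls them in.
function findAffectedBrunch(tree, trail = [tree.name || "(root)"]) {
  const hits = [];
  for (const [name, dep] of Object.entries(tree.dependencies || {})) {
    const here = trail.concat(name);
    if (name === "brunch" && isAffected(dep.version)) {
      hits.push({ path: here.join(" > "), version: dep.version });
    }
    hits.push(...findAffectedBrunch(dep, here));
  }
  return hits;
}

// Constructed sample input (not real scan data).
const sampleTree = {
  name: "demo-app",
  dependencies: {
    brunch: { version: "1.7.6" },
    "legacy-tooling": { version: "2.0.0", dependencies: { brunch: { version: "1.7.7" } } },
    "old-scaffold": { version: "0.3.1", dependencies: { brunch: { version: "1.7.0" } } },
  },
};
console.log(findAffectedBrunch(sampleTree));
```

Transitive copies matter here: upgrading only the top-level dependency leaves the `old-scaffold` copy in the affected range.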

CVSS Score

3.3 (low severity)

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Credit: Paul Miller
CWE: CWE-200
Snyk ID: npm:brunch:20130925
Disclosed: 24 Sep, 2013
Published: 08 May, 2017