Information Exposure

Affecting brunch package, versions <1.7.7 >=1.7.0

low severity

Overview

brunch is a fast front-end web app build tool.

Affected versions of the package expose confidential information like absolute paths to plugins, rather then the relative path to them.

Remediation

Upgrade brunch to version 1.7.7 or higher.

References

Do your applications use this vulnerable package?

Credit
Paul Miller
CWE
CWE-200
Snyk ID
npm:brunch:20130925
Disclosed
24 Sep, 2013
Published
08 May, 2017