CVE-2025-6624
HIGH7.2EPSS 0.11%Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode in github.com/snyk/go-application-framework
發布日:2025/6/26修改日:2026/3/3
描述
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode in github.com/snyk/go-application-framework
受影響套件(3)
- Go/github.com/snyk/go-application-frameworkfrom 0
- Go/github.com/snyk/go-application-frameworkfrom 0
- npm/snykfrom 0, < 1.1297.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P |
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
參考連結(8)
- ADVISORYhttps://github.com/advisories/GHSA-6hwc-9h8r-3vmf
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-6624
- WEBhttps://docs.snyk.io/snyk-cli/debugging-the-snyk-cli
- WEBhttps://github.com/snyk
- WEBhttps://github.com/snyk/cli/commit/38322f377da7e5f1391e1f641710be50989fa4df
- WEBhttps://github.com/snyk/cli/releases/tag/v1.1297.3
- WEBhttps://github.com/snyk/go-application-framework/commit/ca7ba7d72e68455afb466a7a47bb2c9aece86c18
- WEBhttps://security.snyk.io/vuln/SNYK-JS-SNYK-10497607