CVE-2021-21421
HIGHnode-etsy-client < 0.3.0 - Sensitive Information Exposure via Error Message
Title source: llmDescription
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/creharmony/node-etsy-client/security/advisories/GHSA-xw22-wv29-3299
Patch, Third Party Advisory x_refsource_misc
https://github.com/creharmony/node-etsy-client/commit/b4beb8ef080366c1a87dbf9e163051a446acaa7d
Scores
CVSS v3
8.1
EPSS
0.0106
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-209
CWE-200
Status
published
Products (2)
node-etsy-client_project/node-etsy-client
< 0.3.0
npm/node-etsy-client
0 - 0.3.0npm
Published
Apr 01, 2021
Tracked Since
Feb 18, 2026