Description
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
References (3)
Core 3
Core References
Third Party Advisory
https://github.com/advisories/GHSA-wpg7-2c88-r8xv
Patch, Third Party Advisory
https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f
Exploit, Third Party Advisory
https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31
Scores
CVSS v3
8.8
EPSS
0.0199
EPSS Percentile
78.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-212
Status
published
Products (3)
npm/simple-get
4.0.0 - 4.0.1npm
simple-get_project/simple-get
4.0.0
simple-get_project/simple-get
< 2.8.2
Published
Jan 26, 2022
Tracked Since
Feb 18, 2026