Vulnerability Details : CVE-2021-21421
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.
Vulnerability category: Information leak
Products affected by CVE-2021-21421
- cpe:2.3:a:node-etsy-client_project:node-etsy-client:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-21421
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-21421
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST | |
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
2.8
|
5.2
|
GitHub, Inc. |
CWE ids for CVE-2021-21421
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security-advisories@github.com (Secondary)
-
The product generates an error message that includes sensitive information about its environment, users, or associated data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-21421
-
https://github.com/creharmony/node-etsy-client/commit/b4beb8ef080366c1a87dbf9e163051a446acaa7d
Fix #17 do not report secret on error, add github action · creharmony/node-etsy-client@b4beb8e · GitHubPatch;Third Party Advisory
-
https://github.com/creharmony/node-etsy-client/security/advisories/GHSA-xw22-wv29-3299
ApiKey secret could be revelated on network issue · Advisory · creharmony/node-etsy-client · GitHubThird Party Advisory
Jump to