Insertion of Sensitive Information into Log File in OWASP DependencyCheck

GHSA-frxm-v7q3-v2wv · CVE-2024-23686

Published Jan 20, 2024 · Modified Jun 17, 2025

Description

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

References

WEB https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-23686
ADVISORY https://github.com/advisories/GHSA-qqhq-8r2c-c3f5
PACKAGE https://github.com/jeremylong/DependencyCheck
WEB https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes