An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NJonschlinkert Parse Git Config
APPJonschlinkert3.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-33671HIGH7.5ten sam vendor
Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Re...
CVE-2025-57328HIGH7.5ten sam vendor
toggle-array is a package designed to enables a property on the object at the specified index, while disabling...
CVE-2024-4068HIGH7.5ten sam vendor
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, whic...
CVE-2026-33672MEDIUM5.3ten sam vendor
Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a ...
CVE-2024-4067MEDIUM5.3ten sam vendor
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The...