GHSA-879p-8gw4-mcpw: fgr Vulnerable to Insecure Default Variable Initialization

Impact

Any user who does not want a traceback included in their logs whenever an error is raised in their code is affected.

If users have inadvertently created a scenario in their code that could cause a traceback to include sensitive information, and a malicious entity gains access to their log stream, that information could be disclosed.
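
The exposure described above, as an added illustration that uses only Python's standard `logging` module (it is not fgr's code or API, and not a documented workaround for fgr). The names `connect`, `capture`, `NoTracebackFormatter` and the `SECRET` value are constructed for this example; it shows a default formatter writing a credential-bearing traceback to the log stream, beside a formatter that records only the exception type.

```python
import io
import logging

SECRET = "constructed-api-key-12345"  # constructed sample value, not a real key


class NoTracebackFormatter(logging.Formatter):
    """Formatter that logs only the exception type, never its message or stack."""

    def format(self, record):
        exc_info, exc_text = record.exc_info, record.exc_text
        # Hide the exception from the base class so no traceback is rendered.
        record.exc_info, record.exc_text = None, None
        try:
            line = super().format(record)
        finally:
            # Restore the fields for any other handler sharing this record.
            record.exc_info, record.exc_text = exc_info, exc_text
        if exc_info and exc_info[0] is not None:
            line += f" [{exc_info[0].__name__}]"
        return line


def connect(api_key):
    # The exception message embeds the credential: a common accidental leak.
    raise ConnectionError(f"auth failed for key={api_key}")


def capture(formatter):
    """Log one failing call through `formatter` and return the emitted text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(formatter)
    logger = logging.Logger("demo")  # standalone logger, no global state touched
    logger.addHandler(handler)
    try:
        connect(SECRET)
    except ConnectionError:
        logger.exception("upstream call failed")  # attaches exc_info by default
    return stream.getvalue()


if __name__ == "__main__":
    print(capture(logging.Formatter("%(levelname)s %(message)s")))
    print(capture(NoTracebackFormatter("%(levelname)s %(message)s")))
```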

Patches

None yet… users will need to upgrade to 0.4.*

Workarounds

No particularly reasonable ones at present.

References

  • https://cwe.mitre.org/data/definitions/453.html
  • https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/stack-trace-disclosure-python/

Package

fgr (pip)

Affected versions

<= 0.3.2

Patched versions

None

References

  • GHSA-879p-8gw4-mcpw

dan1hc published to dan1hc/fgr

Mar 13, 2024

Published to the GitHub Advisory Database

Mar 15, 2024

Reviewed

Mar 15, 2024

Last updated

Mar 15, 2024
