Severity: moderate

Sensitive Data In Log Files



Versions of grunt-gh-pages prior to 1.0.0 are affected by a vulnerability that may cause unencrypted GitHub credentials to be written to a log file in certain circumstances.

In the grunt-gh-pages deployment scenario where authentication is performed by injecting a GitHub token directly into the auth portion of the URL, grunt-gh-pages will write the token to a log file, unencrypted.


Update to version 1.0.0 or later.
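
To check existing build logs for tokens written this way, and to scrub URLs before logging them, the following added example (not code from grunt-gh-pages) detects and redacts the auth portion of URLs in log text. The function names, the log line format and the `EXAMPLE_TOKEN` placeholder are assumptions constructed for illustration.

```javascript
// Added example: find and redact credentials embedded in the auth portion of
// URLs in log text. Function names and sample log lines are constructed here;
// they are not real grunt-gh-pages output.

// Matches scheme://userinfo@ where userinfo is "token" or "user:token".
// userinfo may not contain whitespace, "/" or "@", so plain URLs and
// scp-style remotes (git@github.com:owner/repo.git) are left alone.
const URL_WITH_USERINFO = /\b([a-z][a-z0-9+.-]*:\/\/)([^\s\/@]+)@/gi;

// Replace the userinfo part of every URL in `text` with a fixed marker.
function redactUrlCredentials(text) {
  return text.replace(URL_WITH_USERINFO, '$1[REDACTED]@');
}

// Return the 1-based numbers of log lines that contain URL userinfo.
function findLeakedCredentialLines(logText) {
  const hits = [];
  logText.split(/\r?\n/).forEach((line, i) => {
    URL_WITH_USERINFO.lastIndex = 0; // a global regex keeps state across test()
    if (URL_WITH_USERINFO.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Constructed sample log; EXAMPLE_TOKEN stands in for a real token.
const SAMPLE_LOG = [
  'Cloning https://EXAMPLE_TOKEN@github.com/example/repo.git into .grunt/',
  'Checking out gh-pages',
  'Pushing to https://user:EXAMPLE_TOKEN@github.com/example/repo.git',
  'Pushing to git@github.com:example/repo.git',
  'See https://github.com/example/repo for details',
].join('\n');

console.log('Lines with embedded credentials:', findLeakedCredentialLines(SAMPLE_LOG));
console.log(redactUrlCredentials(SAMPLE_LOG));
```

Any token found in a retained log should be treated as exposed and revoked, since redacting the log does not invalidate it.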



Advisory timeline

  1. published

    Advisory published
    Mar 16th, 2016
  2. reported

    Initial report by Stephan Bönnemann
    Mar 16th, 2016