Sensitive Data In Log Filesgrunt-gh-pages
grunt-gh-pages prior to 1.0.0 are affected by a vulnerability which may cause unencrypted github credentials to be written to a log file in certain circumstances.
grunt-gh-pages deployment scenario where authentication is performed by injecting a github token directly into the auth portion of the URL,
grunt-gh-pages will write the token to a log file, unencrypted.
Update to version 1.0.0 or later.
publishedAdvisory publishedMar 16th, 2016
reportedInitial report by Stephan BönnemannMar 16th, 2016