Safety vulnerability ID: 53745
The information on this page was manually curated by our Cybersecurity Intelligence Team.
EasyBuild 4.1.2 includes a fix for CVE-2020-5262: GitHub personal access token leaking into temporary EasyBuild (debug) logs.
https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm
Latest version: 4.9.4
EasyBuild is a software build and installation framework that allows you to manage (scientific) software on High Performance Computing (HPC) systems in an efficient way.
This release fixes a problem where the GitHub token that EasyBuild uses for some of the GitHub integration features (like `--from-pr`, `--new-pr`, etc.) got included in plain text in the 'top-level' EasyBuild log file when the `--debug` configuration option is enabled, potentially leaving it exposed to be used by others.
**We strongly encourage you to revoke the GitHub tokens you are currently using, via https://github.com/settings/tokens, and to replace them with a new token (using "eb --install-github-token --force").**
More information is available in the [security advisory that was published](https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm).
Detailed release notes at https://easybuild.readthedocs.io/en/latest/Release_notes.html#easybuild-v4-1-2-march-16th-2020.
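To find debug logs that still hold a token after upgrading, the following added example (not code from EasyBuild or the advisory) scans `*.log` files under a directory given on the command line and prints redacted hits. The sample log lines and the token in them are constructed, and the rule that a 40-hex value only counts when its line mentions "token" or "authorization" is an assumption made to avoid flagging git commit SHAs.

```python
import re
import sys
from pathlib import Path

# Classic PAT formats: 40 hex chars (in use in 2020) or "ghp_" + 36 alphanumerics.
HEX_TOKEN = re.compile(r"\b[0-9a-f]{40}\b")
PREFIXED_TOKEN = re.compile(r"\bghp_[A-Za-z0-9]{36}\b")
# Assumption: the leaked token shares a line with the word "token" or
# "authorization"; this keeps 40-hex git commit SHAs from being flagged.
CONTEXT = re.compile(r"token|authorization", re.IGNORECASE)

def redact(match):
    """Keep 4 characters so the report does not repeat the secret."""
    return match.group(0)[:4] + "*" * (len(match.group(0)) - 4)

def find_token_leaks(lines):
    """Return (line_number, redacted_line) for each line that appears to hold a token."""
    hits = []
    for number, line in enumerate(lines, start=1):
        redacted, count = PREFIXED_TOKEN.subn(redact, line)
        if CONTEXT.search(line):
            redacted, hex_count = HEX_TOKEN.subn(redact, redacted)
            count += hex_count
        if count:
            hits.append((number, redacted.rstrip("\n")))
    return hits

def scan_logs(directory):
    """Scan every *.log file under directory; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(directory).rglob("*.log")):
        with open(path, errors="replace") as handle:
            hits = find_token_leaks(handle)
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample lines (not real EasyBuild output; the token is made up).
SAMPLE = [
    "DEBUG github_token = 0123456789abcdef0123456789abcdef01234567\n",
    "DEBUG checked out commit 89abcdef0123456789abcdef0123456789abcdef\n",
    "INFO  build succeeded\n",
]

if __name__ == "__main__":
    found = scan_logs(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": find_token_leaks(SAMPLE)}
    for path, hits in found.items():
        for number, line in hits:
            print(f"{path}:{number}: {line}")
```

Any token this reports should be treated as exposed and revoked, and the log file holding it removed or access-restricted.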