GMS-2020-739: Sensitive Data Exposure in ibm_db

September 3, 2020 (updated September 29, 2021)

Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode.

Recommendation

Upgrade to version 2.6.0 or later and ensure sensitive information was not logged.

References

github.com/advisories/GHSA-p77h-hv6g-fmfp
github.com/ibmdb/node-ibm_db/commit/526c88b5eedc605274def65405279f6708d91ce8
github.com/ibmdb/node-ibm_db/issues/563
snyk.io/vuln/SNYK-JS-IBMDB-459762
www.npmjs.com/advisories/1185

Code Behaviors & Features

Detect and mitigate GMS-2020-739 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →