GHSA-mpx4-jmpr-vm8vLow
PGHoard: Password written to debug log
🔗 CVE IDs covered (1)
📋 Description
Impact
When using .pgpass, database connection information including the username and password will be logged at the debug level.
Patches
Upgrade to version 2.7.1 or greater.
Workarounds
Filter out debug-level logs.
References
This issue was discovered by BugCrowd user DRAKOKORIAN.
🎯 Affected products1
- pip/pghoard:<= 2.1.0