Filtered by vendor Grunt-gh-pages Project Subscriptions
Filtered by product Grunt-gh-pages Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-10526 1 Grunt-gh-pages Project 1 Grunt-gh-pages 2024-11-21 N/A
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.