log4js

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

CVSS 5.5 (MEDIUM) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ### Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. ### Patches Fixed by: * https://github.com/log4js-node/log4js-node/pull/1141 * https://github.com/log4js-node/streamroller/pull/87 Released to NPM in [email protected] ### Workarounds Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details. ### References Thanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem. ### For more information If you have any questions or comments about this advisory: * Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node) * Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI) * Email us at [[email protected]](mailto:[email protected])

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.