Semantic-Release Project: >> Semantic-Release >> 10.0.1 Security Vulnerabilities
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-11-18