CVE-2022-0338

NameCVE-2022-0338
DescriptionInsertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
loguru (PTS)bookworm0.6.0-3vulnerable
sid, trixie0.7.3-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
logurusource(unstable)(unfixed)unimportant

Notes

https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
loguru documents security considerations and best practices to follow

Search for package or bug name: Reporting problems