CNNVD-202601-1800 Information
CNNVD ID
CNNVD-202601-1800
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
Hermes是Automated Software Metadata Publication开源的一个工作流平台。 hermes 0.8.1版本至0.9.1之前版本存在日志信息泄露漏洞,该漏洞源于hermes子命令在-O参数下记录原始形式的任意选项,可能导致敏感数据以明文形式写入日志文件。
Description (English)
Hermes is an open-source workflow platform for Automated Software Metadata Publicisation. Hermes 0.8.1 to 0.9.1 had a log information leakage loophole, which stemmed from any option that hermes sub-ordered to record the original form under the –O parameter, which could lead to sensitive data being written in explicit form into log files.
Hazard Level
High
Vulnerability Type
日志信息泄露
Affected Vendor
Automated Software Metadata Publication
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/softwarepub/hermes/commit/7f64f102e916c76dc44404b77ab2a80f5a4e59b1 https://github.com/softwarepub/hermes/commit/90cb86acd026e7841f2539ae7a1b284a7f263514 https://github.com/softwarepub/hermes/security/advisories/GHSA-jm5j-jfrm-hm23
Patch
https://github.com/softwarepub/hermes/releases
Share on: