{"vulnerability": "CVE-2020-26226", "sightings": [{"uuid": "9fb13e3f-7c41-4fbc-9374-fa4d34b0a064", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26226", "type": "seen", "source": "https://t.me/cibsecurity/16564", "content": "\u203c CVE-2020-26226 \u203c\n\nIn the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-19T00:40:41.000000Z"}, {"uuid": "0ce79c5d-6f12-4701-8caa-270413c38a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26226", "type": "seen", "source": "https://t.me/cibsecurity/17398", "content": "\u203c CVE-2020-26226 \u203c\n\nIn the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T06:25:20.000000Z"}]}