Insecure Initialization of Resource Affecting fgr package, versions [,0.4.0)
Snyk CVSS
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-FGR-6450219
- published 17 Mar 2024
- disclosed 15 Mar 2024
- credit dan1hc
How to fix?
Upgrade fgr to version 0.4.0 or higher.
Overview
fgr is a Zero-dependency Python framework for object oriented development.
Affected versions of this package are vulnerable to Insecure Initialization of Resource due to insecure default variable initialization. An attacker can gain access to sensitive information in the log stream if a traceback includes such information and the attacker has access to the log stream. This is only exploitable if users have inadvertently created a scenario in their code that could cause a traceback to include sensitive information.