CVE-2025-57754
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Description
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could lead to data exfiltration, modification or deletion.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kristoferfannar | eslint-ban-moment | 3.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-260 | The product stores a password in a configuration file that might be accessible to actors who do not know the password. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in eslint-ban-moment (version 3.0.0 and earlier) exposes a sensitive Supabase URI in the .env file. The URI contains an embedded username and password, which if accessed by an attacker, allows complete unauthorized access and control over the database and user data.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain full unauthorized access to your database and user data, potentially leading to data exfiltration, modification, or deletion.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70