Unrated severityNVD Advisory· Published Jan 6, 2021· Updated Aug 4, 2024

CVE-2020-29041

Description

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments.

Affected products

Web-Sesame/Web-Sesamedescription
TIL Technologies/Web-Sesamellm-create
Range: = 2020.1.1.3375

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-sesame-application-of-til-technologies/mitrex_refsource_MISC
blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sein-de-lapplication-web-sesame-de-til-technologies/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000