Moderate severity · OSV Advisory · Published Jan 19, 2024 · Updated Nov 29, 2025
DependencyCheck Debug Mode Logging of NVD API Key
CVE-2024-23686
Description
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.owasp:dependency-check-ant (Maven) | >= 9.0.0, < 9.0.6 | 9.0.6 |
| org.owasp:dependency-check-cli (Maven) | >= 9.0.0, < 9.0.6 | 9.0.6 |
| org.owasp:dependency-check-maven (Maven) | >= 9.0.0, < 9.0.6 | 9.0.6 |
Affected products
- ghsa-coords (3 versions): pkg:maven/org.owasp/dependency-check-ant, pkg:maven/org.owasp/dependency-check-cli, pkg:maven/org.owasp/dependency-check-maven; range: >= 9.0.0, < 9.0.6
- (no CPE) range: >= 9.0.0, < 9.0.6
- (no CPE) range: >= 9.0.0, < 9.0.6
- (no CPE) range: >= 9.0.0, < 9.0.6
References
- github.com/advisories/GHSA-frxm-v7q3-v2wv (ghsa, ADVISORY)
- github.com/advisories/GHSA-qqhq-8r2c-c3f5 (ghsa, third-party-advisory, ADVISORY)
- github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2024-23686 (ghsa, ADVISORY)
- vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 (ghsa, third-party-advisory, WEB)