Medium severity4.7OSV Advisory· Published Nov 19, 2024· Updated Apr 15, 2026
CVE-2024-52582
CVE-2024-52582
Description
Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0.0.0, 0.1.0, 0.10.0, …
- Range: <0.14.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.