1. Log4js-Node CVE-2022-21704: World-Readable Log Files Expose Sensitive Data in Default Config
A medium-severity vulnerability in the popular Node.js logging library, log4js-node, leaves sensitive application data exposed by default. The flaw, tracked as CVE-2022-21704, causes log files created by the library's core appenders to be set with world-readable permissions on Unix-like systems. This means any user or ...