Logo
Submit a FixGo To App

AIKIDO-2024-10153

statsig is vulnerable to Information Disclosure

40

Medium

statsig

AIKIDO-2024-10153: statsig is vulnerable to Information Disclosure in versions 0.1.0 - 0.33.0.

Information Disclosure
Vuln in 0.1.0 - 0.33.0
Fixed in 0.34.0
No CVE available
TL;DR

Affected versions of statsig expose sensitive information (such as the API key) in the logs, which may end up in logs of (error) logging monitoring..

Who does this affect?

You're affected if you use a vulnerable version of statsig.

How can it be fixed?

Upgrade statsig to the patch version.

Are you
to these issues?
Connect your GitHub, GitLab, Bitbucket or Azure DevOps account to start scanning your repos for free.
Start For Free
Your data won't be shared · Read-only access
Logo
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US