{"id":"CVE-2019-3500","details":"aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.","modified":"2026-04-16T04:35:21.869757898Z","published":"2019-01-02T07:29:00.197Z","related":["openSUSE-SU-2019:0050-1","openSUSE-SU-2021:1125-1","openSUSE-SU-2024:10631-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MUUYDELHRLVE2AFNVR3OJ6ILUKVLY4B/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5OLPTVYHJZJ2MVEXJCNPXBSFPVPE4XX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/532M22TAOOIY3J4XX4R7BLZHXJRUSBQ2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3965-1/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00012.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00039.html"},{"type":"FIX","url":"https://github.com/aria2/aria2/issues/1329"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aria2/aria2","events":[{"introduced":"0"},{"last_affected":"dd0413ee5062ffe5212655c7953c28737a5098f3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.33.1"}]}}],"versions":["release-1.10.7","release-1.10.8","release-1.10.9","release-1.11.0","release-1.11.1","release-1.11.2","release-1.12.0","release-1.12.1","release-1.13.0","release-1.14.0","release-1.14.1","release-1.14.2","release-1.15.0","release-1.15.1","release-1.15.2","release-1.16.0","release-1.16.1","release-1.16.2","release-1.16.3","release-1.16.4","release-1.16.5","release-1.17.0","release-1.17.1","release-1.18.0","release-1.18.1","release-1.18.10","release-1.18.2","release-1.18.3","release-1.18.4","release-1.18.5","release-1.18.6","release-1.18.7","release-1.18.8","release-1.18.9","release-1.19.0","release-1.19.1","release-1.19.2","release-1.19.3","release-1.20.0","release-1.21.0","release-1.22.0","release-1.23.0","release-1.24.0","release-1.25.0","release-1.26.0","release-1.27.0","release-1.27.1","release-1.28.0","release-1.29.0","release-1.30.0","release-1.31.0","release-1.32.0","release-1.33.0","release-1.33.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3500.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}