GHSA-xr7q-jx4m-x55m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xr7q-jx4m-x55m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-xr7q-jx4m-x55m/GHSA-xr7q-jx4m-x55m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xr7q-jx4m-x55m
- Aliases
- Related
- Published
- 2024-07-05T20:07:01Z
- Modified
- 2024-07-09T21:38:29Z
- Summary
- Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
- Details
-
Impact
This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.
Patches
The issue first appeared in 1.64.0 and is patched in 1.64.1 and 1.65.0
Workarounds
If using an affected version and upgrading is not possible, ensuring you do not log or print contexts will avoid the problem.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-07-05T20:07:01Z" }- References
Affected packages
Go / google.golang.org/grpc
Package
- Name
- google.golang.org/grpc
- View open source insights on deps.dev
- Purl
- pkg:golang/google.golang.org/grpc