GO-2024-2947

Source
https://pkg.go.dev/vuln/GO-2024-2947
Import Source
https://vuln.go.dev/ID/GO-2024-2947.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2947
Aliases
Published
2024-06-25T19:47:45Z
Modified
2024-07-15T22:42:22.560291Z
Summary
Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp
Details

URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log file.

References

Affected packages

Go / github.com/hashicorp/go-retryablehttp

Package

Name
github.com/hashicorp/go-retryablehttp
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/go-retryablehttp

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.7

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/hashicorp/go-retryablehttp",
            "symbols": [
                "Client.Do",
                "Client.Get",
                "Client.Head",
                "Client.Post",
                "Client.PostForm",
                "Get",
                "Head",
                "Post",
                "PostForm",
                "RoundTripper.RoundTrip"
            ]
        }
    ]
}