Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
{ "url": "https://pkg.go.dev/vuln/GO-2024-3296", "review_status": "UNREVIEWED" }