Source: golang-github-hashicorp-go-retryablehttp
Version: 0.7.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for 
golang-github-hashicorp-go-retryablehttp.

CVE-2024-6104[0]:
| go-retryablehttp prior to 0.7.7 did not sanitize urls when writing
| them to its log file. This could lead to go-retryablehttp writing
| sensitive HTTP basic auth credentials to its log file. This
| vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6104
    https://www.cve.org/CVERecord?id=CVE-2024-6104

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to