​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-3vmr-9w93-x3v7

Published

Last updated

https://images.chainguard.dev/security/CGA-3vmr-9w93-x3v7
Package

timestamp-authority-fips

Latest Update
Under investigation
Aliases
  • CVE-2024-6104
  • GHSA-v6v8-xj6m-xwqh

Severity

6.0

Medium

CVSS V3

Summary

go-retryablehttp can leak basic auth credentials to log files

Description

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images