Description
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-github-go-viper-mapstructure | fixed | 2.4.0-1 | | package |
| golang-github-go-viper-mapstructure | no-dsa | | trixie | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=2391829
https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm
https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c (v2.4.0)
Related vulnerabilities
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
A vulnerability in mapstructure, a Go library for decoding generic map values into structs and vice versa, related to improper handling of output data for logs, which allows an attacker to gain access to confidential information