Описание
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references.
Original Description
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
Ссылки
- https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm
- https://nvd.nist.gov/vuln/detail/CVE-2025-11065
- https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c
- https://access.redhat.com/security/cve/CVE-2025-11065
- https://bugzilla.redhat.com/show_bug.cgi?id=2391829
Пакеты
Наименование
github.com/go-viper/mapstructure/v2
go
Затронутые версииВерсия исправления
< 2.4.0
2.4.0
5.3 Medium
CVSS3
Дефекты
CWE-117
5.3 Medium
CVSS3
Дефекты
CWE-117