Improper Output Neutralization for Logs in github.com/cedric-cordenier/mapstructure/v2
Cx17483713-ac68
- github.com/cedric-cordenier/mapstructure/v2
- github.com/chenxyzl/mapstructure/v2
- github.com/cyvers-ai/mapstructure/v2
- github.com/CyVers-AI/mapstructure/v2
- github.com/einzigartigername/mapstructure/v2
- github.com/einzigartigerName/mapstructure/v2
- github.com/go-viper/mapstructure
- github.com/go-viper/mapstructure/v2
- github.com/go-Viper/mapstructure/v2
- github.com/hashmatoteam/mapstructure/v2
- github.com/lumeweb/mapstructure/v2
- github.com/mahadzaryab1/mapstructure/v2
- github.com/m1k1o/mapstructure/v2
- github.com/yurishkuro/mapstructure/v2
- github.com/zoeysimone/mapstructure/v2
- github.com/ZoeySimone/mapstructure/v2
Summary
Using the library package github.com/go-viper/mapstructure/v2 in a security-critical context may result in Leaking Sensitive Information if it is used to process sensitive fields. This issue affects versions prior to 2.4.0.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-117 - Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
References
Advisory Timeline
- Published
