Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Impact
This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.
Patches
The issue first appeared in 1.64.0 and is patched in 1.64.1 and 1.65.0
Workarounds
If using an affected version and upgrading is not possible, ensuring you do not log or print contexts will avoid the problem.
Permalink: https://github.com/advisories/GHSA-xr7q-jx4m-x55mJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-xr7q-jx4m-x55m
References:
- https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
- https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb
- https://github.com/advisories/GHSA-xr7q-jx4m-x55m
Blast Radius: 0.0
Affected Packages
go:google.golang.org/grpc
Dependent packages: 56,663Dependent repositories: 158,189
Downloads:
Affected Version Ranges: >= 1.64.0, < 1.64.1
Fixed in: 1.64.1
All affected versions: 1.64.0
All unaffected versions: 1.0.0, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.8.0, 1.8.2, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.18.1, 1.19.0, 1.19.1, 1.20.0, 1.20.1, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.23.0, 1.23.1, 1.24.0, 1.25.0, 1.25.1, 1.26.0, 1.27.0, 1.27.1, 1.28.0, 1.28.1, 1.29.0, 1.29.1, 1.30.0, 1.30.1, 1.31.0, 1.31.1, 1.32.0, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.34.0, 1.34.1, 1.34.2, 1.35.0, 1.35.1, 1.36.0, 1.36.1, 1.37.0, 1.37.1, 1.38.0, 1.38.1, 1.39.0, 1.39.1, 1.40.0, 1.40.1, 1.41.0, 1.41.1, 1.42.0, 1.43.0, 1.44.0, 1.45.0, 1.46.0, 1.46.1, 1.46.2, 1.47.0, 1.48.0, 1.49.0, 1.50.0, 1.50.1, 1.51.0, 1.52.0, 1.52.1, 1.52.3, 1.53.0, 1.54.0, 1.54.1, 1.55.0, 1.55.1, 1.56.0, 1.56.1, 1.56.2, 1.56.3, 1.57.0, 1.57.1, 1.57.2, 1.58.0, 1.58.1, 1.58.2, 1.58.3, 1.59.0, 1.60.0, 1.60.1, 1.61.0, 1.61.1, 1.61.2, 1.62.0, 1.62.1, 1.62.2, 1.63.0, 1.63.1, 1.63.2, 1.63.3, 1.64.1, 1.65.0, 1.65.1, 1.66.0, 1.66.1, 1.66.2, 1.66.3, 1.67.0, 1.67.1