Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-k54u-rbhx-bbbu
Summary
go-retryablehttp can leak basic auth credentials to log files
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
Aliases
0
alias CVE-2024-6104
1
alias GHSA-v6v8-xj6m-xwqh
Fixed_packages
0
url pkg:golang/github.com/hashicorp/go-retryablehttp@0.7.7
purl pkg:golang/github.com/hashicorp/go-retryablehttp@0.7.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/go-retryablehttp@0.7.7
Affected_packages
0
url pkg:rpm/redhat/grafana@10.2.6-4?arch=el9
purl pkg:rpm/redhat/grafana@10.2.6-4?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tcn-jpc2-auas
1
vulnerability VCID-k54u-rbhx-bbbu
2
vulnerability VCID-p1bh-b1qf-ufg6
3
vulnerability VCID-qemj-x1bx-h7gp
4
vulnerability VCID-r8tc-7h1k-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@10.2.6-4%3Farch=el9
1
url pkg:rpm/redhat/openshift-pipelines-client@1.16.0-11647?arch=el8
purl pkg:rpm/redhat/openshift-pipelines-client@1.16.0-11647?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k54u-rbhx-bbbu
1
vulnerability VCID-qemj-x1bx-h7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-pipelines-client@1.16.0-11647%3Farch=el8
2
url pkg:rpm/redhat/podman@2:4.4.1-20?arch=el9_2
purl pkg:rpm/redhat/podman@2:4.4.1-20?arch=el9_2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nrn-u58x-mben
1
vulnerability VCID-fcfw-7u4r-ebf8
2
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@2:4.4.1-20%3Farch=el9_2
3
url pkg:rpm/redhat/podman@3:4.4.1-12.rhaos4.13?arch=el8
purl pkg:rpm/redhat/podman@3:4.4.1-12.rhaos4.13?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k54u-rbhx-bbbu
1
vulnerability VCID-wq29-hzz2-5beh
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@3:4.4.1-12.rhaos4.13%3Farch=el8
4
url pkg:rpm/redhat/podman@3:4.4.1-16.4.rhaos4.14?arch=el8
purl pkg:rpm/redhat/podman@3:4.4.1-16.4.rhaos4.14?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fcfw-7u4r-ebf8
1
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@3:4.4.1-16.4.rhaos4.14%3Farch=el8
5
url pkg:rpm/redhat/podman@3:4.4.1-26.2.rhaos4.15?arch=el8
purl pkg:rpm/redhat/podman@3:4.4.1-26.2.rhaos4.15?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@3:4.4.1-26.2.rhaos4.15%3Farch=el8
6
url pkg:rpm/redhat/podman@4:4.9.4-8.rhaos4.16?arch=el8
purl pkg:rpm/redhat/podman@4:4.9.4-8.rhaos4.16?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fcfw-7u4r-ebf8
1
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@4:4.9.4-8.rhaos4.16%3Farch=el8
7
url pkg:rpm/redhat/podman@4:4.9.4-10?arch=el9_4
purl pkg:rpm/redhat/podman@4:4.9.4-10?arch=el9_4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4psv-cefc-7kad
1
vulnerability VCID-fcfw-7u4r-ebf8
2
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@4:4.9.4-10%3Farch=el9_4
8
url pkg:rpm/redhat/podman@4:5.2.0-2.rhaos4.17?arch=el9
purl pkg:rpm/redhat/podman@4:5.2.0-2.rhaos4.17?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@4:5.2.0-2.rhaos4.17%3Farch=el9
9
url pkg:rpm/redhat/skopeo@2:1.16.0-2.rhaos4.17?arch=el8
purl pkg:rpm/redhat/skopeo@2:1.16.0-2.rhaos4.17?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k54u-rbhx-bbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.16.0-2.rhaos4.17%3Farch=el8
10
url pkg:rpm/redhat/skopeo@2:1.16.1-1?arch=el9
purl pkg:rpm/redhat/skopeo@2:1.16.1-1?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-52c5-4udv-jydb
1
vulnerability VCID-k54u-rbhx-bbbu
2
vulnerability VCID-p1bh-b1qf-ufg6
3
vulnerability VCID-qemj-x1bx-h7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.16.1-1%3Farch=el9
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6104.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6104.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6104
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13905
published_at 2026-04-21T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.13833
published_at 2026-04-18T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.13839
published_at 2026-04-16T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.13936
published_at 2026-04-13T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.13985
published_at 2026-04-12T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.14022
published_at 2026-04-11T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.14077
published_at 2026-04-09T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.14024
published_at 2026-04-08T12:55:00Z
8
value 0.00045
scoring_system epss
scoring_elements 0.13941
published_at 2026-04-07T12:55:00Z
9
value 0.00045
scoring_system epss
scoring_elements 0.14135
published_at 2026-04-04T12:55:00Z
10
value 0.00045
scoring_system epss
scoring_elements 0.14082
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6104
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104
3
reference_url https://discuss.hashicorp.com/c/security
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T19:19:22Z/
url https://discuss.hashicorp.com/c/security
4
reference_url https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-v6v8-xj6m-xwqh
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v6v8-xj6m-xwqh
7
reference_url https://github.com/hashicorp/go-retryablehttp
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/go-retryablehttp
8
reference_url https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6104
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6104
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076773
reference_id 1076773
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076773
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2294000
reference_id 2294000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2294000
12
reference_url https://access.redhat.com/errata/RHSA-2024:10518
reference_id RHSA-2024:10518
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10518
13
reference_url https://access.redhat.com/errata/RHSA-2024:10823
reference_id RHSA-2024:10823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10823
14
reference_url https://access.redhat.com/errata/RHSA-2024:11562
reference_id RHSA-2024:11562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11562
15
reference_url https://access.redhat.com/errata/RHSA-2024:3722
reference_id RHSA-2024:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3722
16
reference_url https://access.redhat.com/errata/RHSA-2024:4316
reference_id RHSA-2024:4316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4316
17
reference_url https://access.redhat.com/errata/RHSA-2024:4321
reference_id RHSA-2024:4321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4321
18
reference_url https://access.redhat.com/errata/RHSA-2024:4469
reference_id RHSA-2024:4469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4469
19
reference_url https://access.redhat.com/errata/RHSA-2024:4479
reference_id RHSA-2024:4479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4479
20
reference_url https://access.redhat.com/errata/RHSA-2024:4846
reference_id RHSA-2024:4846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4846
21
reference_url https://access.redhat.com/errata/RHSA-2024:4853
reference_id RHSA-2024:4853
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4853
22
reference_url https://access.redhat.com/errata/RHSA-2024:4858
reference_id RHSA-2024:4858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4858
23
reference_url https://access.redhat.com/errata/RHSA-2024:4872
reference_id RHSA-2024:4872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4872
24
reference_url https://access.redhat.com/errata/RHSA-2024:4963
reference_id RHSA-2024:4963
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4963
25
reference_url https://access.redhat.com/errata/RHSA-2024:4965
reference_id RHSA-2024:4965
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4965
26
reference_url https://access.redhat.com/errata/RHSA-2024:5107
reference_id RHSA-2024:5107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5107
27
reference_url https://access.redhat.com/errata/RHSA-2024:5160
reference_id RHSA-2024:5160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5160
28
reference_url https://access.redhat.com/errata/RHSA-2024:5194
reference_id RHSA-2024:5194
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5194
29
reference_url https://access.redhat.com/errata/RHSA-2024:5199
reference_id RHSA-2024:5199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5199
30
reference_url https://access.redhat.com/errata/RHSA-2024:5200
reference_id RHSA-2024:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5200
31
reference_url https://access.redhat.com/errata/RHSA-2024:5433
reference_id RHSA-2024:5433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5433
32
reference_url https://access.redhat.com/errata/RHSA-2024:5444
reference_id RHSA-2024:5444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5444
33
reference_url https://access.redhat.com/errata/RHSA-2024:5446
reference_id RHSA-2024:5446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5446
34
reference_url https://access.redhat.com/errata/RHSA-2024:5547
reference_id RHSA-2024:5547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5547
35
reference_url https://access.redhat.com/errata/RHSA-2024:5808
reference_id RHSA-2024:5808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5808
36
reference_url https://access.redhat.com/errata/RHSA-2024:6004
reference_id RHSA-2024:6004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6004
37
reference_url https://access.redhat.com/errata/RHSA-2024:6194
reference_id RHSA-2024:6194
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6194
38
reference_url https://access.redhat.com/errata/RHSA-2024:6409
reference_id RHSA-2024:6409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6409
39
reference_url https://access.redhat.com/errata/RHSA-2024:6642
reference_id RHSA-2024:6642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6642
40
reference_url https://access.redhat.com/errata/RHSA-2024:6738
reference_id RHSA-2024:6738
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6738
41
reference_url https://access.redhat.com/errata/RHSA-2024:6755
reference_id RHSA-2024:6755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6755
42
reference_url https://access.redhat.com/errata/RHSA-2024:6811
reference_id RHSA-2024:6811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6811
43
reference_url https://access.redhat.com/errata/RHSA-2024:7184
reference_id RHSA-2024:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7184
44
reference_url https://access.redhat.com/errata/RHSA-2024:7237
reference_id RHSA-2024:7237
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7237
45
reference_url https://access.redhat.com/errata/RHSA-2024:7323
reference_id RHSA-2024:7323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7323
46
reference_url https://access.redhat.com/errata/RHSA-2024:7324
reference_id RHSA-2024:7324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7324
47
reference_url https://access.redhat.com/errata/RHSA-2024:7624
reference_id RHSA-2024:7624
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7624
48
reference_url https://access.redhat.com/errata/RHSA-2024:7744
reference_id RHSA-2024:7744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7744
49
reference_url https://access.redhat.com/errata/RHSA-2024:8040
reference_id RHSA-2024:8040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8040
50
reference_url https://access.redhat.com/errata/RHSA-2024:8314
reference_id RHSA-2024:8314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8314
51
reference_url https://access.redhat.com/errata/RHSA-2024:8677
reference_id RHSA-2024:8677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8677
52
reference_url https://access.redhat.com/errata/RHSA-2024:9115
reference_id RHSA-2024:9115
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9115
53
reference_url https://access.redhat.com/errata/RHSA-2025:0029
reference_id RHSA-2025:0029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0029
54
reference_url https://access.redhat.com/errata/RHSA-2025:0536
reference_id RHSA-2025:0536
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0536
55
reference_url https://access.redhat.com/errata/RHSA-2025:1116
reference_id RHSA-2025:1116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1116
56
reference_url https://access.redhat.com/errata/RHSA-2025:11669
reference_id RHSA-2025:11669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11669
57
reference_url https://access.redhat.com/errata/RHSA-2025:1829
reference_id RHSA-2025:1829
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1829
58
reference_url https://access.redhat.com/errata/RHSA-2025:1865
reference_id RHSA-2025:1865
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1865
59
reference_url https://access.redhat.com/errata/RHSA-2025:1866
reference_id RHSA-2025:1866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1866
60
reference_url https://access.redhat.com/errata/RHSA-2025:3714
reference_id RHSA-2025:3714
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3714
61
reference_url https://access.redhat.com/errata/RHSA-2025:9776
reference_id RHSA-2025:9776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9776
Weaknesses
0
cwe_id 532
name Insertion of Sensitive Information into Log File
description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-k54u-rbhx-bbbu