Lookup for vulnerable packages by Package URL.
| Purl | pkg:golang/google.golang.org/grpc@1.64.1 |
|---|
| Type | golang |
|---|
| Namespace | google.golang.org |
|---|
| Name | grpc |
|---|
| Version | 1.64.1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 1.79.3 |
|---|
| Latest_non_vulnerable_version | 1.79.3 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-nncd-yw5m-m3b2 |
| vulnerability_id |
VCID-nncd-yw5m-m3b2 |
| summary |
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
### Impact
This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.
### Patches
The issue first appeared in 1.64.0 and is patched in 1.64.1 and 1.65.0
### Workarounds
If using an affected version and upgrading is not possible, ensuring you do not log or print contexts will avoid the problem. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-xr7q-jx4m-x55m
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nncd-yw5m-m3b2 |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:golang/google.golang.org/grpc@1.64.1 |
|---|