Vulnerability Information
Vulnerability Title
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Vulnerability Description
Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Insufficiently Protected Credentials
Vulnerability Title
Go SDK for CloudEvents Security Vulnerability
Vulnerability Description
Go SDK for CloudEvents is an official CloudEvents SDK open-sourced by CloudEvents. Versions of Go SDK for CloudEvents prior to 2.15.2 contain a security vulnerability caused by a credential leak.
CVSS Information
N/A
Vulnerability Type
N/A
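An added Go example, not the SDK's own code, modelling the pattern in the description above: a constructor that installs an authenticated transport on http.DefaultClient, next to one that builds a private http.Client. The names recorder, authRT, sharedClient, isolatedClient and leaksToUnrelated, the token and the unrelated.example host are constructed for illustration; a stub transport keeps the run offline.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// recorder is a stub "wire": it notes the Authorization header and answers 200 offline.
type recorder struct{ auth string }
func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.auth = req.Header.Get("Authorization")
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: io.NopCloser(strings.NewReader("")), Request: req}, nil
}

// authRT is a constructed authenticated RoundTripper that adds a bearer token.
type authRT struct{ token string }
func (a authRT) RoundTrip(req *http.Request) (*http.Response, error) {
	req = req.Clone(req.Context())
	req.Header.Set("Authorization", "Bearer "+a.token)
	return http.DefaultTransport.RoundTrip(req)
}

// sharedClient models the flawed pattern: it mutates the process-wide http.DefaultClient.
func sharedClient(rt http.RoundTripper) *http.Client {
	http.DefaultClient.Transport = rt
	return http.DefaultClient
}
// isolatedClient returns a private client and leaves http.DefaultClient untouched.
func isolatedClient(rt http.RoundTripper) *http.Client { return &http.Client{Transport: rt} }

// leaksToUnrelated reports whether a plain http.Get elsewhere in the process carries the token.
func leaksToUnrelated(newClient func(http.RoundTripper) *http.Client) bool {
	wire := &recorder{}
	savedC, savedT := http.DefaultClient.Transport, http.DefaultTransport
	http.DefaultTransport = wire // stub the network so the example runs offline
	defer func() { http.DefaultClient.Transport, http.DefaultTransport = savedC, savedT }()
	_ = newClient(authRT{token: "constructed-token"})
	resp, err := http.Get("http://unrelated.example/") // unrelated caller using the default client
	if err != nil {
		panic(err)
	}
	resp.Body.Close()
	return wire.auth != ""
}

func main() {
	fmt.Println("shared:", leaksToUnrelated(sharedClient), "isolated:", leaksToUnrelated(isolatedClient))
}
```

In code review, any assignment to http.DefaultClient.Transport or http.DefaultTransport inside library code is the thing to flag, since every http.Get, http.Post and third-party package that falls back to the default client inherits it.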