[Git][security-tracker-team/security-tracker][master] CVE-2024-6104/golang-github-hashicorp-go-retryablehttp: add references

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e94fbc0 by Sylvain Beucler at 2025-02-20T11:56:23+01:00
CVE-2024-6104/golang-github-hashicorp-go-retryablehttp: add references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63719,6 +63719,8 @@ CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when writin
 	- golang-github-hashicorp-go-retryablehttp <unfixed> (bug #1076773)
 	[bookworm] - golang-github-hashicorp-go-retryablehttp <no-dsa> (Minor issue)
 	[bullseye] - golang-github-hashicorp-go-retryablehttp <no-dsa> (Minor issue)
+	NOTE: https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027
+	NOTE: https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a (v0.7.7)
 CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
 	NOT-FOR-US: Mia Technology Inc. Mia-Med Health Aplication
 CVE-2024-5683 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e94fbc007e36a8a9bf1b9d2828dc22cf09b1677

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e94fbc007e36a8a9bf1b9d2828dc22cf09b1677
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250220/a116578a/attachment.htm>