15 matches found
GHSA-86RF-68F4-2CPH Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references. Original Description A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using...
AZL-75428 CVE-2025-11065 affecting package influxdb 2.7.5-10
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75419 CVE-2025-11065 affecting package gh 2.62.0-10
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75573 CVE-2025-11065 affecting package skopeo for versions less than 1.14.2-14
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75416 CVE-2025-11065 affecting package docker-compose 2.27.0-6
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75389 CVE-2025-11065 affecting package cert-manager 1.12.15-4
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75458 CVE-2025-11065 affecting package cri-o for versions less than 1.22.3-20
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75402 CVE-2025-11065 affecting package podman 5.6.1-7
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-11065 Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
Medium: nerdctl
Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: nerdctl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extra...
Medium: amazon-cloudwatch-agent
Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: amazon-cloudwatch-agent Issue Correction: Run dnf update amazon-cloudwatch-agent --releasever 2023.9.20251014 or dnf update --advisory ALAS2023-2025-1224...
Linux Distros Unpatched Vulnerability : CVE-2025-11065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information...
GO-2025-3900 Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure
Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure...
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Summary Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields. Details OpenBao and presumably HashiCorp Vault have surfaced error messages from mapstructure as follows:...
GHSA-2464-8J7C-4CJM go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Summary Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields. Details OpenBao and presumably HashiCorp Vault have surfaced error messages from mapstructure as follows:...