88 matches found

Snyk
added 2026/05/13 3:57 p.m., 6 views

Malicious Package

Overview: github.com/BufferZoneCorp/go-retryablehttp is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

CVSS 9.8, AI score 6
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/13 3:9 a.m., 6 views

Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

AI score 5.8
Exploits: 0, References: 1

OSV
added 2026/05/13 3:9 a.m., 3 views

MAL-2026-3623 Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

AI score 5.8
Exploits: 0, References: 1

OSV
added 2026/04/07 12:41 a.m., 1 view

CLEANSTART-2026-GG94489 go-retryablehttp prior to 0

Multiple security vulnerabilities affect the prometheus package. go-retryablehttp prior to 0. See references for individual vulnerability details...

CVSS 9.8, AI score 7.1, EPSS 0.94395
Exploits: 19, References: 13

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 9 : podman-4.9.4-10.el9_4 (AXSA:2024-8754:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8754:08 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 go-retryablehttp: url might write sensitive...

CVSS 7.5, AI score 8.5, EPSS 0.00602
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: podman (TSSA-2025:0620)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0620 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.1, AI score 7.4, EPSS 0.32338
Exploits: 2, References: 3

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: skopeo (TSSA-2025:0634)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0634 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6, AI score 7.4, EPSS 0.00045
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-2173

Malicious code in bioql PyPI...

CVSS 6, AI score 6.4, EPSS 0.00045
Exploits: 0, References: 6

OSV
added 2025/04/07 9:36 a.m., 1 view

SUSE-SU-2025:20179-1 Security update for skopeo

This update for skopeo fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238685 - CVE-2025-27144: gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerab...

CVSS 8.7, AI score 6.7, EPSS 0.64852
Exploits: 3, References: 9

SUSE Linux
added 2025/04/07 9:35 a.m., 5 views

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238685 CVE-2025-27144: gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable t...

CVSS 8.7, AI score 7, EPSS 0.64852
Exploits: 3, References: 16

IBM Security Bulletins
added 2025/03/06 8:20 p.m., 10 views

Security Bulletin: IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary: A potential vulnerability in go-retryablehttp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 6, AI score 6.3, EPSS 0.00045
Exploits: 0, Affected Software: 2

Tenable Nessus
added 2025/03/06 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2024-6104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth...

CVSS 6, AI score 6.8, EPSS 0.00045
Exploits: 0, References: 4

SUSE Linux
added 2025/03/04 12:51 p.m., 2 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE bsc1237641 CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service D...

CVSS 8.7, AI score 7.1, EPSS 0.64852
Exploits: 1, References: 44

OSV
added 2025/02/11 10:27 a.m., 11 views

SUSE-SU-2025:0420-1 Security update for skopeo

This update for skopeo fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

CVSS 7.5, AI score 6.7, EPSS 0.64852
Exploits: 1, References: 5

Tenable Nessus
added 2025/02/10 12:0 a.m., 12 views

Azure Linux 3.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)

The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...

CVSS 6, AI score 7.4, EPSS 0.00045
Exploits: 0, References: 2

OSV
added 2025/02/03 8:47 a.m., 4 views

SUSE-SU-2025:20013-1 Security update for podman

This update for podman fixes the following issues: - CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file bsc1227052. - Update to version 4.9.5: Bump to v4.9.5 Update release notes for v4.9.5 fix "concurrent map writes" in network ls compa...

CVSS 8.6, AI score 6.8, EPSS 0.00663
Exploits: 0, References: 6

IBM Security Bulletins
added 2025/01/30 2:20 p.m., 12 views

Security Bulletin: Vulnerability in go-retryablehttp affects watsonx.data

Summary go-retryablehttp could allow a local authenticated attacker to obtain sensitive information. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-6104 DESCRIPTION: go-retryablehttp could allow a local authenticated attacker to obtain sensitive information, caused by the...

CVSS 6, AI score 6.6, EPSS 0.00045
Exploits: 0, Affected Software: 1

RedHat Linux
added 2024/12/03 6:8 p.m., 30 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.7 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.7 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 8.7, AI score 6.7, EPSS 0.01848
Exploits: 0, References: 16

RedHat Linux
added 2024/11/12 9:21 a.m., 1 view

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6, AI score 7.1, EPSS 0.00045
Exploits: 0, References: 4

RedHat Linux
added 2024/11/12 9:14 a.m., 3 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6, AI score 7.1, EPSS 0.00045
Exploits: 0, References: 4