cloudevents/sdk-go: usage of WithRoundTripper to create a Client leaks credentials

A vulnerability was found in cloudevents/sdk-go. This issue involves using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper results in the go-sdk leaking credentials to arbitrary endpoints. When the transport is populated with an authenticated...

GO-2024-2618 Authentication token leak in github.com/cloudevents/sdk-go/v2

Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, http.DefaultClient is modified with the authenticated transport...

Insufficiently Protected Credentials

github.com/cloudevents/sdk-go/v2 is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to the improper use of cloudevents.WithRoundTripper, allowing the leakage of credentials to arbitrary endpoints when creating a cloudevents.Client with an authenticated http.RoundTripp...

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...