AZL-75582 CVE-2025-11065 affecting package vitess for versions less than 17.0.7-14

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75434 CVE-2025-11065 affecting package kata-containers 3.19.1.kata2-4

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

CVE-2025-11065

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

Sensitive Information Disclosure

github.com/go-viper/mapstructure/v2 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure data handling due to improper processing of sensitive fields in security-critical contexts, potentially leading to leakage of sensitive information...

Security Bulletin: BM Engineering Lifecycle Optimization - Publishing uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Summary Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts. MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesse...