The vulnerability of the WithRoundTripper() function in the library for integrating applications with cloud-based infrastructure, CloudEvents sdk-go, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the WithRoundTripper function in the library for integrating applications with cloud-based infrastructure, the CloudEvents sdk-go, is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker operating remotely to gain...

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Impact What kind of vulnerability is it? Who is impacted? Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. The relevant code is here also inline, emphasis added: if p.Client == n...

GHSA-5PF6-2QWX-PXM2 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Impact What kind of vulnerability is it? Who is impacted? Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. The relevant code is here also inline, emphasis added: if p.Client == n...