PT-2026-42373

ydb-go-sdk's transactions are not committed using the options.WithCommit option on last call table.Transaction.Execute in transaction in github.com/ydb-platform/ydb-go-sdk...

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the options.WithCommit process. An attacker can cause loss of data consistency by relying on the transaction commit flag without the transaction actually being committed. Workaround This...

ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction

Impact Transactions were NOT committed despite the explicit options.WithCommit flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led in rare cases to a loss of data consistency...

GO-2023-2137 Credentials leak in github.com/ydb-platform/ydb-go-sdk/v3

A custom credentials object that does not implement the fmt.Stringer interface may leak sensitive information e.g., credentials via logs...

CVE-2023-45825

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

Design/Logic Flaw

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

CVE-2023-45825

CVEs and affected software: The issue affects ydb-go-sdk (Go native and database/sql driver for YDB) in versions from v3.48.6 up to v3.53.2. Root cause and impact: If a custom credentials object (implementing the Credentials interface) is logged via an error message, the object could be serialize...

CVE-2023-45825 Token in custom credentials object can leak through logs in ydb-go-sdk

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

CVE-2023-45825 Token in custom credentials object can leak through logs in ydb-go-sdk

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

CVE-2023-45825 Token in custom credentials object can leak through logs in ydb-go-sdk

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

GHSA-Q24M-6H38-5XJ8 ydb-go-sdk token in custom credentials object can leak through logs

Impact Since ydb-go-sdk/v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using fmt.Errorf"something went wrong credentials: %q", credentials during connection to...

ydb-go-sdk token in custom credentials object can leak through logs

Impact Since ydb-go-sdk/v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using fmt.Errorf"something went wrong credentials: %q", credentials during connection to...

PT-2023-29713 · Yandex · Ydb-Go-Sdk

Name of the Vulnerable Software and Affected Versions: ydb-go-sdk versions 3.48.6 through 3.53.2 Description: The issue concerns a potential leak of sensitive information, such as credentials, into logs when using a custom credentials object with ydb-go-sdk. This occurs because the custom...