CVE-2024-6104

Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp

Description

URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log file.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

6

Severity

Medium

Ecosystem

GO

Publish Date

June 25, 2024

Modified Date

February 3, 2026

Score Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Versions