GHSA-2464-8j7c-4cjm: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

August 21, 2025

Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.

References

github.com/advisories/GHSA-2464-8j7c-4cjm
github.com/go-viper/mapstructure
github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c
github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm

Code Behaviors & Features

Detect and mitigate GHSA-2464-8j7c-4cjm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →