GHSA-fv92-fjc5-jj9h: mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

June 27, 2025

Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.

References

github.com/advisories/GHSA-fv92-fjc5-jj9h
github.com/go-viper/mapstructure
github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h

Code Behaviors & Features

Detect and mitigate GHSA-fv92-fjc5-jj9h with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →