CVE-2024-23840: Insertion of Sensitive Information into Log File
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug
log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.
References
Detect and mitigate CVE-2024-23840 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →