GHSA-xr7q-jx4m-x55m: Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go

July 5, 2024

This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.

References

github.com/advisories/GHSA-xr7q-jx4m-x55m
github.com/grpc/grpc-go
github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m

Detect and mitigate GHSA-xr7q-jx4m-x55m with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →