GHSA-wpr2-j6gr-pjw9: OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
(updated )
Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors.
References
Detect and mitigate GHSA-wpr2-j6gr-pjw9 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →