CVE-2024-28110

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28110
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28110.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28110
Aliases
Related
Published
2024-03-06T22:15:57Z
Modified
2024-10-08T04:07:19.798701Z
Summary
[none]
Details

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the option is given an authenticated transport, http.DefaultClient is modified to use that transport, so every request made through http.DefaultClient, to any endpoint, starts carrying the Authorization tokens. Version 2.15.2 patches this issue.

References

Affected packages

Git / github.com/cloudevents/sdk-go

Affected ranges

Type
GIT
Repo
https://github.com/cloudevents/sdk-go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.1
0.2
0.2.0
0.3.0
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.6.0
0.7.0

protocol/amqp/v2.*

protocol/amqp/v2.0.0
protocol/amqp/v2.2.0
protocol/amqp/v2.3.0

protocol/kafka_sarama/v2.*

protocol/kafka_sarama/v2.0.0
protocol/kafka_sarama/v2.2.0
protocol/kafka_sarama/v2.3.0

protocol/nats/v2.*

protocol/nats/v2.0.0
protocol/nats/v2.2.0
protocol/nats/v2.3.0

protocol/pubsub/v2.*

protocol/pubsub/v2.0.0
protocol/pubsub/v2.2.0
protocol/pubsub/v2.3.0

protocol/stan/v2.*

protocol/stan/v2.0.0
protocol/stan/v2.2.0
protocol/stan/v2.3.0

v0.*

v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.8.0
v0.9.0
v0.9.1
v0.9.2

v1.*

v1.0.0
v1.1.0
v1.1.1

v2.*

v2.0.0
v2.0.0-RC1
v2.0.0-RC2
v2.0.0-RC3
v2.0.0-RC4
v2.0.0-RC5
v2.0.0-prevew7
v2.0.0-preview1
v2.0.0-preview2
v2.0.0-preview3
v2.0.0-preview4
v2.0.0-preview5
v2.0.0-preview6
v2.0.0-preview7
v2.0.0-preview8
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.15.1
v2.2.0
v2.3.0
v2.4.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0

v2/protocol/kafka_sarama/v1.*

v2/protocol/kafka_sarama/v1.0.0-RC5

v2/protocol/stan/v1.*

v2/protocol/stan/v1.0.0-RC5

v2/protocol/stan/v2.*

v2/protocol/stan/v2.0.0-RC5

Other

v<nil>