When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-1497" }