GO-2023-2137

Source
https://pkg.go.dev/vuln/GO-2023-2137
Import Source
https://vuln.go.dev/ID/GO-2023-2137.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-2137
Aliases
Published
2023-10-24T20:27:41Z
Modified
2024-05-20T16:03:47Z
Summary
Credentials leak in github.com/ydb-platform/ydb-go-sdk/v3
Details

A custom credentials object that does not implement the fmt.Stringer interface may leak sensitive information (e.g., credentials) via logs.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-2137"
}
References

Affected packages

Go / github.com/ydb-platform/ydb-go-sdk/v3

Package

Name
github.com/ydb-platform/ydb-go-sdk/v3
Purl
pkg:golang/github.com/ydb-platform/ydb-go-sdk/v3

Affected ranges

Type
SEMVER
Events
Introduced
3.48.6
Fixed
3.53.3

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/ydb-platform/ydb-go-sdk/v3",
            "symbols": [
                "Connector",
                "Driver.Close",
                "Driver.Coordination",
                "Driver.Discovery",
                "Driver.Ratelimiter",
                "Driver.Scheme",
                "Driver.Scripting",
                "Driver.Table",
                "Driver.Topic",
                "Driver.With",
                "IsTimeoutError",
                "IsTransportError",
                "MustConnector",
                "MustOpen",
                "New",
                "Open",
                "Unwrap",
                "WithAccessTokenCredentials",
                "WithAnonymousCredentials",
                "WithCertificatesFromFile",
                "WithRequestType",
                "WithTraceID",
                "connect",
                "initOnce.Close",
                "initOnce.Init",
                "sqlDriver.OpenConnector"
            ]
        },
        {
            "path": "github.com/ydb-platform/ydb-go-sdk/v3/credentials",
            "symbols": [
                "NewAccessTokenCredentials",
                "NewAnonymousCredentials",
                "NewStaticCredentials",
                "WithSourceInfo",
                "staticCredentialsConfig.Endpoint",
                "staticCredentialsConfig.GrpcDialOptions"
            ]
        },
        {
            "path": "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer",
            "symbols": [
                "Balancer.Invoke",
                "Balancer.NewStream",
                "Balancer.clusterDiscovery",
                "Balancer.wrapCall",
                "New"
            ]
        },
        {
            "path": "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn",
            "symbols": [
                "WithAfterFunc"
            ]
        },
        {
            "path": "github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials",
            "symbols": [
                "AccessToken.String",
                "Anonymous.String",
                "NewAccessTokenCredentials",
                "NewAnonymousCredentials",
                "NewStaticCredentials",
                "Static.String",
                "WithSourceInfo"
            ]
        }
    ]
}