Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security Policy
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

Vulnerability Report: GO-2022-0980

CVE-2022-38149, GHSA-8449-7gc2-pwrp
Affects: github.com/hashicorp/consul-template
Published: Sep 21, 2022
Modified: Jun 12, 2023

The text of errors returned by Template.Execute can contain Vault secrets, potentially revealing these secrets in logs or error reports.

For detailed information about this vulnerability, visit https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215.

Affected Packages

Path

Versions

Symbols
github.com/hashicorp/consul-template/template

before v0.27.3, from v0.28.0 before v0.28.3, from v0.29.0 before v0.29.2
- Template.Execute

Aliases

References

Feedback

See anything missing or incorrect? Suggest an edit to this report.