Vulnerability Report: GO-2024-2978

GHSA-xr7q-jx4m-x55m
Affects: google.golang.org/grpc
Published: Jul 09, 2024

If applications print or log a context containing gRPC metadata, the output will contain all the metadata, which may include private information. This represents a potential PII concern.

For detailed information about this vulnerability, visit https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m.

Affected Packages

Path

Go Versions

Symbols
google.golang.org/grpc/metadata

from v1.64.0 before v1.64.1
- MD.String

Aliases

GHSA-xr7q-jx4m-x55m

References

https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb
https://vuln.go.dev/ID/GO-2024-2978.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL