Skip to content

*: Update mapstructure to the latest #1190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
RafalKorepta merged 1 commit into from
Dec 1, 2025
Merged

*: Update mapstructure to the latest #1190

RafalKorepta merged 1 commit into from
Dec 1, 2025

Conversation

@RafalKorepta
Copy link
Contributor

@RafalKorepta RafalKorepta commented Dec 1, 2025

Snyk found Improper Output Neutralization for Logs problem.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the WeakDecode function when handling malformed input data. An attacker can cause sensitive information to be included in error logs by submitting specially crafted input that triggers error messages containing original values.

Reference

@RafalKorepta RafalKorepta force-pushed the rk/2.3.x/fix-mapstructure branch from 2452ec2 to 4f9fc2e Compare December 1, 2025 09:34
@RafalKorepta
*: Update mapstructure to the latest
e44ceff 
Snyk found Improper Output Neutralization for Logs problem.

> Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the WeakDecode function when handling malformed input data. An attacker can cause sensitive information to be included in error logs by submitting specially crafted input that triggers error messages containing original values.

Reference
* https://cwe.mitre.org/data/definitions/117.html
* https://www.cve.org/CVERecord?id=CVE-2025-11065
* https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
* https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOVIPERMAPSTRUCTUREV2-12177854
* go-viper/mapstructure@742921c
@RafalKorepta RafalKorepta force-pushed the rk/2.3.x/fix-mapstructure branch from 4f9fc2e to e44ceff Compare December 1, 2025 09:50
@RafalKorepta RafalKorepta merged commit b2705f7 into release/v2.3.x Dec 1, 2025
11 checks passed
@RafalKorepta RafalKorepta deleted the rk/2.3.x/fix-mapstructure branch December 12, 2025 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewstucki andrewstucki andrewstucki approved these changes

@chrisseto chrisseto Awaiting requested review from chrisseto chrisseto is a code owner

@gene-redpanda gene-redpanda Awaiting requested review from gene-redpanda gene-redpanda is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RafalKorepta @andrewstucki