AIKIDO-2024-10344
github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File
8
Low
github.com/wneessen/go-mail go
AIKIDO-2024-10344: github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File in versions 0.1.0 - 0.5.0.
Insertion of Sensitive Information into Log File
Vuln in 0.1.0 - 0.5.0
Fixed in 0.5.1
No CVE available
TL;DR
Affected versions of the package are vulnerable to Insertion of Sensitive Information into Log File. The debug logger could potentially expose SMTP authentication data to the logs, which could pose a risk.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade github.com/wneessen/go-mail library to patch version.
Background info
Are you
to these issues?
Connect your GitHub, GitLab, Bitbucket or Azure DevOps account to start scanning your repos for free.
Start For FreeYour data won't be shared · Read-only access
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US