← voltar
CVE-2025-11065

Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure

CVSS 5.3 MEDIUMEPSS 0.4%CWE-209
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Produtos afetados
github.com/go-viper/mapstructure/v2Red Hat · OpenShift PipelinesRed Hat · Red Hat Advanced Cluster Management for Kubernetes 2Red Hat · Red Hat Advanced Cluster Security 4Red Hat · Red Hat Certification for Red Hat Enterprise Linux 8Red Hat · Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat OpenShift AI (RHOAI)Red Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat OpenShift Dev SpacesRed Hat · Red Hat OpenShift distributed tracing 3Red Hat · Red Hat OpenShift GitOpsRed Hat · Red Hat Trusted Application PipelineRed Hat · Red Hat Trusted Artifact SignerRed Hat · Zero Trust Workload Identity Manager - Tech Preview

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/security/cve/CVE-2025-11065https://bugzilla.redhat.com/show_bug.cgi?id=2391829https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39chttps://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm