VDB
DEBIAN-CVE-2024-6104
DEBIAN-CVE-2024-6104
PUBLISHED
CVSS 5.5 MEDIUM
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | golang-github-hashicorp-go-retryablehttp | 0, 0.7.1-1, 0 |
| Debian:13 | golang-github-hashicorp-go-retryablehttp | 0, 0.7.1-1, 0 |
| Debian:11 | golang-github-hashicorp-go-retryablehttp | 0.7.0-1, 0, 0.6.4-2 |
| Debian:14 | golang-github-hashicorp-go-retryablehttp | 0, 0.7.1-1, 0 |
Timeline
- Jun 24, 2024 CVE Published
- Apr 28, 2026 CVE Updated