AIKIDO-2024-10344

github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File

Low

github.com/wneessen/go-mail go

AIKIDO-2024-10344: github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File in versions 0.1.0 - 0.5.0.

Insertion of Sensitive Information into Log File

Vuln in 0.1.0 - 0.5.0

Fixed in 0.5.1

No CVE available

TL;DR

Affected versions of the package are vulnerable to Insertion of Sensitive Information into Log File. The debug logger could potentially expose SMTP authentication data to the logs, which could pose a risk.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

How can it be fixed?

Upgrade github.com/wneessen/go-mail library to patch version.

Background info

Link to vendor website

🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium

🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US

AIKIDO-2024-10344

github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File

github.com/wneessen/go-mail go

AIKIDO-2024-10344: github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File in versions 0.1.0 - 0.5.0.

Don’t be left in the dark