Vulnerabilities

CVE-2024-23840

by Fred · 30/01/2024

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release –debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.

More information : https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0

Similar

Tags: Cybersecurity Alert