Improper Input Validation Affecting github.com/micro/micro/v3/service/logger package, versions <3.9.0


0.0
medium
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-GOLANG-GITHUBCOMMICROMICROV3SERVICELOGGER-2328090

  • published

    31 Dec 2021

  • disclosed

    30 Dec 2021

  • credit

    zhaoyang

How to fix?

Upgrade github.com/micro/micro/v3/service/logger to version 3.9.0 or higher.

Overview

github.com/micro/micro/v3/service/logger is a provides a log interface.

Affected versions of this package are vulnerable to Improper Input Validation via user input which is logged without sanitization.

References