Improper Output Neutralization for Logs Affecting k8s.io/kubernetes/staging/src/k8s.io/client-go/transport package, versions <1.20.0-alpha.2
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-GOLANG-K8SIOKUBERNETESSTAGINGSRCK8SIOCLIENTGOTRANSPORT-1018856
- published 16 Oct 2020
- disclosed 14 Oct 2020
- credit Unknown
How to fix?
k8s.io/kubernetes/staging/src/k8s.io/client-go/transport to version 1.20.0-alpha.2 or higher.
Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Incomplete fix for
CVE-2019-11250 allows for token leak in logs when
logLevel >= 9