reports/GO-2021-0065.toml - vuln - Git at Google

 module = "k8s.io/client-go"
 package = "k8s.io/client-go/transport"

 description = """
 Authorization tokens may be inappropriately logged if the verbosity
 level is set to a debug level.
 """

 cve = "CVE-2019-11250"

 symbols = ["debuggingRoundTripper.RoundTrip"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v0.17.0"

 [[additional_packages]]
 module = "k8s.io/kubernetes"
 package = "k8s.io/kubernetes/staging/src/k8s.io/client-go/transport"
 symbols = ["debuggingRoundTripper.RoundTrip"]
 [[additional_packages.versions]]
 fixed = "v1.16.0-beta.1"

 [links]
 commit = "https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245"
 pr = "https://github.com/kubernetes/kubernetes/pull/81330"
 context = ["https://github.com/kubernetes/kubernetes/issues/81114"]

 # This is a really confusing one to classify becuase of how kubernetes
 # does their vendoring stuff.
	module = "k8s.io/client-go"
	package = "k8s.io/client-go/transport"

	description = """
	Authorization tokens may be inappropriately logged if the verbosity
	level is set to a debug level.
	"""

	cve = "CVE-2019-11250"

	symbols = ["debuggingRoundTripper.RoundTrip"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v0.17.0"

	[[additional_packages]]
	module = "k8s.io/kubernetes"
	package = "k8s.io/kubernetes/staging/src/k8s.io/client-go/transport"
	symbols = ["debuggingRoundTripper.RoundTrip"]
	[[additional_packages.versions]]
	fixed = "v1.16.0-beta.1"

	[links]
	commit = "https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245"
	pr = "https://github.com/kubernetes/kubernetes/pull/81330"
	context = ["https://github.com/kubernetes/kubernetes/issues/81114"]

	# This is a really confusing one to classify becuase of how kubernetes
	# does their vendoring stuff.