CNNVD-202601-4343 Information
CNNVD ID
CNNVD-202601-4343
Related CVE
- CNNVD Published: 2026-01-26
Description (Chinese)
mapstructure是Viper开源的一个Go语言库。 mapstructure存在安全漏洞,该漏洞源于使用mapstructure.WeakDecode时错误信息可能泄露敏感输入值,可能导致信息泄露。
Description (English)
Mapstructure is a Go language library from Viper Open Source. There is a security loophole in Mapstructure, which stems from the possibility that the misinformation used in Mapstructure.WeakDecode may leak sensitive input values and may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Viper
Published
2026-01-26
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2025-11065 https://bugzilla.redhat.com/show_bug.cgi?id=2391829 https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm
Patch
https://github.com/go-viper/mapstructure/releases
Share on: