{"id":"GO-2025-3900","summary":"Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure","details":"Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure","aliases":["CVE-2025-11065","GHSA-2464-8j7c-4cjm"],"modified":"2026-03-17T04:53:36.015993Z","published":"2025-08-29T14:52:35Z","related":["CGA-qj55-9pjx-f47q"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3900","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"},{"type":"FIX","url":"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c"}],"affected":[{"package":{"name":"github.com/go-viper/mapstructure","ecosystem":"Go","purl":"pkg:golang/github.com/go-viper/mapstructure"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3900.json"}},{"package":{"name":"github.com/go-viper/mapstructure/v2","ecosystem":"Go","purl":"pkg:golang/github.com/go-viper/mapstructure/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.4.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["Decoder.decodeBool","Decoder.decodeFloat","Decoder.decodeInt","Decoder.decodeUint","StringToBoolHookFunc","StringToComplex128HookFunc","StringToComplex64HookFunc","StringToFloat32HookFunc","StringToFloat64HookFunc","StringToIPHookFunc","StringToIPNetHookFunc","StringToInt16HookFunc","StringToInt32HookFunc","StringToInt64HookFunc","StringToInt8HookFunc","StringToIntHookFunc","StringToNetIPAddrHookFunc","StringToNetIPAddrPortHookFunc","StringToNetIPPrefixHookFunc","StringToTimeDurationHookFunc","StringToTimeHookFunc","StringToURLHookFunc","StringToUint16HookFunc","StringToUint32HookFunc","StringToUint64HookFunc","StringToUint8HookFunc","StringToUintHookFunc"],"path":"github.com/go-viper/mapstructure/v2"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3900.json"}}],"schema_version":"1.7.5"}