VYPR
Moderate severityNVD Advisory· Published Jan 30, 2024· Updated May 29, 2025

`goreleaser release --debug` shows secrets

CVE-2024-23840

Description

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/goreleaser/goreleaserGo
>= 1.23.0, < 1.24.01.24.0

Affected products

4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.