← Back

Goreleaser

goreleaser

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Nfpm
nfpm
1 CVE
Goreleaser
goreleaser
1 CVE

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-23840
1Goreleaser
1Goreleaser
Nov 21, 2024
Jan 30, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publish...Show more
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.Show less
CVE-2023-32698
1Goreleaser
1Nfpm
Nov 21, 2024
May 30, 2023
N/A· v4
7.1 HIGH· v3
N/A· v2
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad...Show more
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders.Show less