—

GO-2026-5348

auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation in github.com/go-pkgz/auth

상세

auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation in github.com/go-pkgz/auth

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/go-pkgz/auth

최초 영향 버전: 1.18.0 수정 버전: 1.25.2

수정 go get github.com/go-pkgz/auth@v1.25.2

Go / github.com/go-pkgz/auth/v2

최초 영향 버전: 2.0.0 수정 버전: 2.1.2

수정 go get github.com/go-pkgz/auth/v2@v2.1.2

참고

https://github.com/go-pkgz/auth/security/advisories/GHSA-f6qq-3m3h-4g42 [ADVISORY]
https://nvd.nist.gov/vuln/detail/CVE-2026-42560 [ADVISORY]
https://github.com/go-pkgz/auth/commit/c0b15ee72a8401da83c01781c16636c521f42698 [FIX]
https://github.com/go-pkgz/auth/releases/tag/v1.25.2 [WEB]
https://github.com/go-pkgz/auth/releases/tag/v2.1.2 [WEB]