{"id":"CVE-2024-45340","details":"Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.","aliases":["BIT-golang-2024-45340","GO-2025-3383"],"modified":"2026-04-10T05:16:50.744236Z","published":"2025-01-28T02:15:29Z","related":["SUSE-SU-2025:0285-1","SUSE-SU-2025:0297-1","SUSE-SU-2025:0429-1","openSUSE-SU-2025:14693-1","openSUSE-SU-2025:14710-1"],"references":[{"type":"WEB","url":"https://go.dev/cl/643097"},{"type":"WEB","url":"https://go.dev/issue/71249"},{"type":"WEB","url":"https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2025-3383"}],"schema_version":"1.7.5"}