{"id":"GO-2025-3437","summary":"Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine","details":"Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/argoproj/gitops-engine before v0.7.1-0.20250129155113-4c6e03c463141.","aliases":["GHSA-274v-mgcv-cm8j"],"modified":"2026-02-04T03:47:49.377346Z","published":"2025-02-04T22:06:11Z","related":["CGA-53c2-jpv3-xcmc"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3437","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j"},{"type":"FIX","url":"https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca"},{"type":"WEB","url":"https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107"},{"type":"WEB","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v"}],"affected":[{"package":{"name":"github.com/argoproj/gitops-engine","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/gitops-engine"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.7.2"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.1-0.20250129155113-4c6e03c463141"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3437.json"}}],"schema_version":"1.7.3"}