### [CVE-2024-6104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104)
![](https://img.shields.io/static/v1?label=Product&message=Shared%20library&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.7.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen)

### Description

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/felipecruz91/e2e-scout