GHSA-xr7q-jx4m-x55m: 
vulnerability analysis and mitigation

A low severity vulnerability (GHSA-xr7q-jx4m-x55m) was identified in github.com/grpc/grpc-go affecting versions 1.64.0. The vulnerability was discovered and published on July 3, 2024, and involves the potential exposure of private tokens in logs when context containing gRPC metadata is logged (GitHub Advisory).

The vulnerability is classified as CWE-200 and stems from the implementation of metadata logging functionality in gRPC-Go. When applications print or log a context containing gRPC metadata, the affected version (1.64.0) will expose all metadata content, which could include sensitive information. The issue has been assigned a low severity rating (GitHub Advisory).

This vulnerability represents a potential Personal Identifiable Information (PII) concern. When applications log or print contexts containing gRPC metadata, private information within the metadata could be exposed in the logs (GitHub Advisory).

The vulnerability has been patched in versions 1.64.1 and 1.65.0. For users unable to upgrade, a workaround is available by ensuring that contexts are not logged or printed in the application. This will prevent the exposure of potentially sensitive metadata information (GitHub Advisory).