GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/goreleaser/goreleaser(Go) | 1.23.0 | 1.24.0 | N/A |
CVSS Metrics
