CVE-2024-39315: Overly Broad Protobuf Serialization

Unconditionally serializing a potentially sensitive protocol buffer or data object (such as a Session, User, or Profile message) and embedding the result directly in a JSON response via `json.RawMessage` can expose more data than the caller needs, including fields that were never meant to leave the server. Explicitly construct a separate response structure containing only the necessary, safe fields, map those fields across, and serialize that structure instead, so that new fields added to the source type do not silently reach the wire.
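The following Go program, added here as an illustration and not code from the rule's repository, shows the pattern the rule flags beside the remediation it recommends. `Session` is a hand-written stand-in for a protobuf-generated message (a real generated type would carry protobuf tags and would normally be serialized with `protojson`, but the allow-list mapping is the same); the field names, the `Response` envelope and the `LeaksField` helper are all assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Session stands in for a protobuf-generated message (constructed for this
// example). It mixes fields that are fine to return to a client with fields
// that must never leave the server.
type Session struct {
	ID           string `json:"id"`
	UserID       string `json:"user_id"`
	ExpiresAt    int64  `json:"expires_at"`
	RefreshToken string `json:"refresh_token"` // sensitive: bearer credential
	IPAddress    string `json:"ip_address"`    // sensitive: client PII
}

// Response is the envelope an HTTP handler would write (assumed shape).
type Response struct {
	Status  string          `json:"status"`
	Payload json.RawMessage `json:"payload"`
}

// EncodeSessionUnsafe is the pattern the rule flags: the whole object is
// marshaled and dropped into the response as a RawMessage, so every field,
// including RefreshToken and IPAddress, reaches the client.
func EncodeSessionUnsafe(s *Session) ([]byte, error) {
	raw, err := json.Marshal(s)
	if err != nil {
		return nil, err
	}
	return json.Marshal(Response{Status: "ok", Payload: json.RawMessage(raw)})
}

// SessionView is the explicit allow-list: only fields that are safe to expose.
type SessionView struct {
	ID        string `json:"id"`
	UserID    string `json:"user_id"`
	ExpiresAt int64  `json:"expires_at"`
}

// NewSessionView copies field by field. A field added to Session later does
// not change the wire output until someone deliberately adds it here.
func NewSessionView(s *Session) SessionView {
	return SessionView{ID: s.ID, UserID: s.UserID, ExpiresAt: s.ExpiresAt}
}

// EncodeSessionSafe serializes the view instead of the source object.
func EncodeSessionSafe(s *Session) ([]byte, error) {
	raw, err := json.Marshal(NewSessionView(s))
	if err != nil {
		return nil, err
	}
	return json.Marshal(Response{Status: "ok", Payload: json.RawMessage(raw)})
}

// LeaksField reports whether a serialized response contains the given JSON key.
// It is a cheap regression check to run over handler output in tests.
func LeaksField(out []byte, key string) bool {
	return strings.Contains(string(out), `"`+key+`"`)
}

func main() {
	// Constructed sample values; nothing here is a real credential.
	s := &Session{ID: "s-1", UserID: "u-42", ExpiresAt: 1700000000,
		RefreshToken: "example-refresh-token", IPAddress: "192.0.2.10"}

	unsafeOut, _ := EncodeSessionUnsafe(s)
	safeOut, _ := EncodeSessionSafe(s)
	fmt.Printf("unsafe: %s\n", unsafeOut)
	fmt.Printf("safe:   %s\n", safeOut)
	fmt.Println("unsafe leaks refresh_token:", LeaksField(unsafeOut, "refresh_token"))
	fmt.Println("safe leaks refresh_token:  ", LeaksField(safeOut, "refresh_token"))
}
```

The view type is deliberately separate from the source type rather than relying on `json:"-"` tags on the generated message: generated code is regenerated from the `.proto` file, so tags added by hand are lost, and a field-by-field constructor keeps the decision about what is exposed in code that is reviewed.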

Provally Curated · Public repository · Medium · Medium confidence · Verified · Apache-2.0 · Go · β
greprules fetch cve-2024-39315-overly-broad-protobuf-serialization --engine opengrep
