Go modules · proxy.golang.org
github.com/gravwell/gravwell/v3
Go Init Env Token Exfil: Go init() reads CI / npm / cloud env tokens AND has network/exec on the same scope — canonical credential-exfil shape.
Why PkgRadar flagged v3.8.81-0.20260608180655-634371bea2ef
| Severity | Signal | Evidence |
|---|---|---|
| high | Go Init Env Token Exfil | Go init() reads CI / npm / cloud env tokens AND has network/exec on the same scope — canonical credential-exfil shape. · github.com/gravwell/gravwell/[email protected]/ingest/processors/plugin/packages.go |
| high | Go Init Env Token Exfil | Go init() reads CI / npm / cloud env tokens AND has network/exec on the same scope — canonical credential-exfil shape. · github.com/gravwell/gravwell/[email protected]/ingest/processors/plugin/packages_windows.go |
| medium | Remote Payload | matched "CUrl " · github.com/gravwell/gravwell/[email protected]/ingesters/HttpIngester/hec_config.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v3.8.81-0.20260608180655-634371bea2ef | High risk | 72 | 2026-06-11 |
v3.8.81-0.20260608174407-f9717feb71e4 | High risk | 72 | 2026-06-11 |
v3.8.81-0.20260604193904-d75b4888b97c | High risk | 72 | 2026-06-09 |
v3.8.81-0.20260604192839-bd805bb2f2a7 | High risk | 72 | 2026-06-09 |
v3.8.81-0.20260603143352-8d61e7749e75 | High risk | 72 | 2026-06-04 |
v3.8.81-0.20260603142249-ec5844ec442d | High risk | 72 | 2026-06-04 |
v3.8.81-0.20260603141333-be938d8705ca | High risk | 72 | 2026-06-04 |
v3.8.81-0.20260602195044-57bf9e99e63c | High risk | 72 | 2026-06-03 |
v3.8.81-0.20260602174105-2c09fd11e36d | High risk | 72 | 2026-06-03 |
v3.8.81-0.20260601204123-57104b398bd4 | High risk | 72 | 2026-06-02 |
v3.8.81-0.20260601202944-42e49d35c0a4 | High risk | 72 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem go github.com/gravwell/gravwell/[email protected]