GHSA-28xx-pppm-vqff: ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction
Transactions were NOT committed despite the explicit `options.WithCommit()` flag when using the table service client. As a result, clients that relied on the transaction commit having succeeded did not actually commit their changes to the transaction. This led (in rare cases) to a loss of data consistency.
References
- github.com/advisories/GHSA-28xx-pppm-vqff
- github.com/ydb-platform/ydb-go-sdk
- github.com/ydb-platform/ydb-go-sdk/commit/251128a64763555d9a79ee7a131dd154c9000eb9
- github.com/ydb-platform/ydb-go-sdk/commit/25dcff4c41153f1f9413512ba12999b40bf7154d
- github.com/ydb-platform/ydb-go-sdk/pull/2091
- github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.104.6
- github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.134.1
- github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.134.2
- github.com/ydb-platform/ydb-go-sdk/security/advisories/GHSA-28xx-pppm-vqff