x/vulndb: potential Go vuln in github.com/goreleaser/goreleaser: GHSA-f6mm-5fc7-3g3c

[GoVulnBot]

In GitHub Security Advisory GHSA-f6mm-5fc7-3g3c, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/goreleaser/goreleaser	1.26.1	= 1.26.0

Cross references:

• Module github.com/goreleaser/goreleaser appears in issue x/vulndb: potential Go vuln in github.com/goreleaser/goreleaser: CVE-2024-23840 #2482

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/goreleaser/goreleaser
      versions:
        - introduced: TODO (earliest fixed "1.26.1", vuln range "= 1.26.0")
      packages:
        - package: github.com/goreleaser/goreleaser
summary: goreleaser shows environment by default in github.com/goreleaser/goreleaser
ghsas:
    - GHSA-f6mm-5fc7-3g3c
references:
    - advisory: https://github.com/goreleaser/goreleaser/security/advisories/GHSA-f6mm-5fc7-3g3c
    - fix: https://github.com/goreleaser/goreleaser/pull/4787
    - fix: https://github.com/goreleaser/goreleaser/commit/22f734e41f7a5111a031a3a4eb714c1b6aa6456b
source:
    id: GHSA-f6mm-5fc7-3g3c

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports