github.com/sylabs/scs-library-client is vulnerable to information disclosure. The vulnerability exists in pull.go
because the user credentials are leaked to third-party services via HTTP redirect which allows an attacker to gain access to the credential information and perform unauthorized actions.
github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa
github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2
github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c
github.com/sylabs/scs-library-client/issues/153
github.com/sylabs/scs-library-client/pull/154
github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7