Rob Liebowitz

Researcher from Morning Consult
#53123 of 53,625
2.7 Total CVSS
Vulnerabilities · 1
PT-2021-14861
2.7
2021-02-10
Elastic · Apm Agent For Go · CVE-2021-22133
**Name of the Vulnerable Software and Affected Versions**

Elastic APM agent for Go versions prior to 1.11.0

**Description**

The issue arises when the application panics, potentially leading to the leakage of sensitive HTTP header information. Normally, the APM agent sanitizes sensitive HTTP header details before sending them to the APM server. However, during an application panic, it is possible that these headers will not be sanitized before being sent.

**Recommendations**

For Elastic APM agent for Go versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider implementing additional logging sanitization measures to minimize the risk of sensitive HTTP header information leakage during application panics.