Sumerki2020

#44978 of 53,624
5.5 Total CVSS
Vulnerabilities · 1
PT-2023-29713
5.5
2023-10-19
Yandex · Ydb-Go-Sdk · CVE-2023-45825
**Name of the Vulnerable Software and Affected Versions**

ydb-go-sdk versions 3.48.6 through 3.53.2

**Description**

The issue is a potential leak of sensitive information, such as credentials, into logs when a custom credentials object is used with ydb-go-sdk. While connecting to the YDB server, the SDK formats the credentials object into an error message with `fmt.Errorf("something went wrong (credentials: %q)", credentials)`. If the custom type does not implement `fmt.Stringer`, the `%q` verb makes `fmt` walk the struct and print every field, including any embedded token or password. If that error is then logged, anyone with access to the logs can read the secret and use it to gain access to the database. Only applications whose custom credentials type does not implement `fmt.Stringer` are affected.

**Recommendations**

For versions 3.48.6 through 3.53.2, upgrade to version 3.53.3, which resolves the issue. If you cannot upgrade, implement the `fmt.Stringer` interface on your custom credentials type so that its `String()` method returns an explicit representation of the object's state that omits the secret material.