Skip to content

Fix some CVEs#2042

Open
masap wants to merge 1 commit intovmware-tanzu:mainfrom
masap:fix-cves-20260105
Open

Fix some CVEs#2042
masap wants to merge 1 commit intovmware-tanzu:mainfrom
masap:fix-cves-20260105

Conversation

@masap
Copy link
Copy Markdown
Contributor

@masap masap commented Jan 5, 2026

What this PR does / why we need it:
We need to fix following vulnerabilities.

sonobuoy (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────┬─────────────────────────────────────────────────────────────┐
│          Library           │ Vulnerability  │ Severity │ Status │ Installed Version │    Fixed Version    │                            Title                            │
├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────┼─────────────────────────────────────────────────────────────┤
│ github.com/sirupsen/logrus │ CVE-2025-65637 │ HIGH     │ fixed  │ v1.9.0            │ 1.8.3, 1.9.1, 1.9.3 │ github.com/sirupsen/logrus: github.com/sirupsen/logrus:     │
│                            │                │          │        │                   │                     │ Denial-of-Service due to large single-line payload          │
│                            │                │          │        │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-65637                  │
├────────────────────────────┼────────────────┤          │        ├───────────────────┼─────────────────────┼─────────────────────────────────────────────────────────────┤
│ stdlib                     │ CVE-2025-61729 │          │        │ v1.24.9           │ 1.24.11, 1.25.5     │ crypto/x509: Excessive resource consumption when printing   │
│                            │                │          │        │                   │                     │ error string for host certificate validation...             │
│                            │                │          │        │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-61729                  │
│                            ├────────────────┼──────────┤        │                   │                     ├─────────────────────────────────────────────────────────────┤
│                            │ CVE-2025-61727 │ MEDIUM   │        │                   │                     │ golang: crypto/x509: excluded subdomain constraint does not │
│                            │                │          │        │                   │                     │ restrict wildcard SANs                                      │
│                            │                │          │        │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-61727                  │
└────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────┴─────────────────────────────────────────────────────────────┘

Which issue(s) this PR fixes

  • Fixes #

Special notes for your reviewer:

Release note:

release-note

@masap
Fix some CVEs
63ff268 
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
@masap masap force-pushed the fix-cves-20260105 branch from f09e0b0 to 63ff268 Compare February 25, 2026 01:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@masap