Skip to content

[Vulnerability] fix critical and critial Vulnerability reported by daily scan. #9839

New issue
New issue
Open
Open
[Vulnerability] fix critical and critial Vulnerability reported by daily scan.#9839
Assignees
shanshanying
Labels
kind/bugSomething isn't working
@shanshanying

Description

@shanshanying
shanshanying
opened on Nov 4, 2025
Image 
Total: 6 (HIGH: 6, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-47912 │ HIGH     │ fixed  │ v1.23.12          │ 1.24.8, 1.25.2 │ The Parse function permits values other than IPv6 addresses  │
│         │                │          │        │                   │                │ to be incl...                                                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-47912                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58183 │          │        │                   │                │ tar.Reader does not set a maximum size on the number of      │
│         │                │          │        │                   │                │ sparse...                                                    │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58183                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58186 │          │        │                   │                │ Despite HTTP headers having a default limit of 1MB, the      │
│         │                │          │        │                   │                │ number of...                                                 │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58186                   │
│         ├────────────────┤          │        │                   ├────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58187 │          │        │                   │ 1.24.9, 1.25.3 │ Due to the design of the name constraint checking algorithm, │
│         │                │          │        │                   │                │ the proce...                                                 │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58187                   │
│         ├────────────────┤          │        │                   ├────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58188 │          │        │                   │ 1.24.8, 1.25.2 │ Validating certificate chains which contain DSA public keys  │
│         │                │          │        │                   │                │ can cause ......                                             │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58188                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61724 │          │        │                   │                │ The Reader.ReadResponse function constructs a response       │
│         │                │          │        │                   │                │ string through ...                                           │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61724                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘

Metadata

Metadata

Assignees

Labels

kind/bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions