You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Vulnerability #1: GO-2025-3751
Sensitive headers not cleared on cross-origin redirect in net/http
More info: https://pkg.go.dev/vuln/GO-2025-3751
Standard library
Found in: net/[email protected]
Fixed in: net/[email protected]
Example traces found: #1: nodeinstaller/internal/asset/http.go:100:30: asset.HTTPFetcher.FetchUnchecked calls http.Client.Do
Nodeinstaller is not setting sensitive headers.
Vulnerability #2: GO-2025-3750
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in
syscall
More info: https://pkg.go.dev/vuln/GO-2025-3750
Windows is not a supported target, behaviour on UNIX is ok before and after.
Vulnerability #3: GO-2025-3749
Usage of ExtKeyUsageAny disables policy validation in crypto/x509
More info: https://pkg.go.dev/vuln/GO-2025-3749
Standard library
Found in: crypto/[email protected]
Fixed in: crypto/[email protected]
Example traces found: #1: internal/attestation/snp/validator.go:100:40: snp.Validator.Validate calls verify.SnpAttestationContext, which eventually calls x509.Certificate.Verify
As far as I know, we don't have policy graphs in certificates relevant to attestation.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.