tfsec
Updated go version
tfsec is showing a couple of CRITICAL and HIGH CVEs in the Orca scan report with the latest version of tfsec. The existing Go version is 1.24.1; the fixed Go versions are 1.23.8 and 1.24.2.
{
--
more_vert | 29393 | 02:45:12 PM | "target": "usr/bin/tfsec",
more_vert | 29394 | 02:45:12 PM | "category": "lang-pkgs",
more_vert | 29395 | 02:45:12 PM | "type": "gobinary",
more_vert | 29396 | 02:45:12 PM | "vulnerabilities": [
more_vert | 29397 | 02:45:12 PM | {
more_vert | 29398 | 02:45:12 PM | "vulnerability_id": "CVE-2025-22871",
more_vert | 29399 | 02:45:12 PM | "severity": "CRITICAL",
more_vert | 29400 | 02:45:12 PM | "pkg_name": "stdlib",
more_vert | 29401 | 02:45:12 PM | "pkg_path": "",
more_vert | 29402 | 02:45:12 PM | "installed_version": "1.24.1",
more_vert | 29403 | 02:45:12 PM | "fixed_version": "1.23.8, 1.24.2",
more_vert | 29404 | 02:45:12 PM | "cvss_v2_score": "",
more_vert | 29405 | 02:45:12 PM | "cvss_v3_score": "9.1",
more_vert | 29406 | 02:45:12 PM | "status_summary": {
more_vert | 29407 | 02:45:12 PM | "priority": "HIGH",
more_vert | 29408 | 02:45:12 PM | "status": "FAILED"
more_vert | 29409 | 02:45:12 PM | }
more_vert | 29410 | 02:45:12 PM | },
more_vert | 29411 | 02:45:12 PM | {
more_vert | 29412 | 02:45:12 PM | "vulnerability_id": "CVE-2025-46569",
more_vert | 29413 | 02:45:12 PM | "severity": "HIGH",
more_vert | 29414 | 02:45:12 PM | "pkg_name": "github.com/open-policy-agent/opa",
more_vert | 29415 | 02:45:12 PM | "pkg_path": "",
more_vert | 29416 | 02:45:12 PM | "installed_version": "v0.68.0",
more_vert | 29417 | 02:45:12 PM | "fixed_version": "1.4.0",
more_vert | 29418 | 02:45:12 PM | "cvss_v2_score": "",
more_vert | 29419 | 02:45:12 PM | "cvss_v3_score": "8.1",
more_vert | 29420 | 02:45:12 PM | "status_summary": {
more_vert | 29421 | 02:45:12 PM | "priority": "HIGH",
more_vert | 29422 | 02:45:12 PM | "status": "FAILED"
more_vert | 29423 | 02:45:12 PM | }
more_vert | 29424 | 02:45:12 PM | }
more_vert | 29425 | 02:45:12 PM | ],
more_vert | 29426 | 02:45:12 PM | "vulnerabilities_count": {
more_vert | 29427 | 02:45:12 PM | "total": 2,
more_vert | 29428 | 02:45:12 PM | "critical": 1,
more_vert | 29429 | 02:45:12 PM | "high": 1,
more_vert | 29430 | 02:45:12 PM | "medium": 0,
more_vert | 29431 | 02:45:12 PM | "low": 0,
more_vert | 29432 | 02:45:12 PM | "unknown": 0
more_vert | 29433 | 02:45:12 PM | }
more_vert | 29434 | 02:45:12 PM | },
more_vert | 29435 | 02:45:12 PM | {
more_vert | 29436 | 02:45:12 PM | "target": "usr/bin/tfsec-checkgen",
more_vert | 29437 | 02:45:12 PM | "category": "lang-pkgs",
more_vert | 29438 | 02:45:12 PM | "type": "gobinary",
more_vert | 29439 | 02:45:12 PM | "vulnerabilities": [
more_vert | 29440 | 02:45:12 PM | {
more_vert | 29441 | 02:45:12 PM | "vulnerability_id": "CVE-2025-22871",
more_vert | 29442 | 02:45:12 PM | "severity": "CRITICAL",
more_vert | 29443 | 02:45:12 PM | "pkg_name": "stdlib",
more_vert | 29444 | 02:45:12 PM | "pkg_path": "",
more_vert | 29445 | 02:45:12 PM | "installed_version": "1.24.1",
more_vert | 29446 | 02:45:12 PM | "fixed_version": "1.23.8, 1.24.2",
more_vert | 29447 | 02:45:12 PM | "cvss_v2_score": "",
more_vert | 29448 | 02:45:12 PM | "cvss_v3_score": "9.1",
more_vert | 29449 | 02:45:12 PM | "status_summary": {
more_vert | 29450 | 02:45:12 PM | "priority": "HIGH",
more_vert | 29451 | 02:45:12 PM | "status": "FAILED"
more_vert | 29452 | 02:45:12 PM | }
more_vert | 29453 | 02:45:12 PM | },
more_vert | 29454 | 02:45:12 PM | {
more_vert | 29455 | 02:45:12 PM | "vulnerability_id": "CVE-2025-46569",
more_vert | 29456 | 02:45:12 PM | "severity": "HIGH",
more_vert | 29457 | 02:45:12 PM | "pkg_name": "github.com/open-policy-agent/opa",
more_vert | 29458 | 02:45:12 PM | "pkg_path": "",
more_vert | 29459 | 02:45:12 PM | "installed_version": "v0.68.0",
more_vert | 29460 | 02:45:12 PM | "fixed_version": "1.4.0",
more_vert | 29461 | 02:45:12 PM | "cvss_v2_score": "",
more_vert | 29462 | 02:45:12 PM | "cvss_v3_score": "8.1",
more_vert | 29463 | 02:45:12 PM | "status_summary": {
more_vert | 29464 | 02:45:12 PM | "priority": "HIGH",
more_vert | 29465 | 02:45:12 PM | "status": "FAILED"
more_vert | 29466 | 02:45:12 PM | }
more_vert | 29467 | 02:45:12 PM | }
more_vert | 29468 | 02:45:12 PM | ],
more_vert | 29469 | 02:45:12 PM | "vulnerabilities_count": {
more_vert | 29470 | 02:45:12 PM | "total": 2,
more_vert | 29471 | 02:45:12 PM | "critical": 1,
more_vert | 29472 | 02:45:12 PM | "high": 1,
more_vert | 29473 | 02:45:12 PM | "medium": 0,
more_vert | 29474 | 02:45:12 PM | "low": 0,
more_vert | 29475 | 02:45:12 PM | "unknown": 0
more_vert | 29476 | 02:45:12 PM | }
more_vert | 29477 | 02:45:12 PM | }
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
As explained here, tfsec does not run OPA in server mode, so this vulnerability does not apply.
This PR is stale because it has been open 30 days with no activity. Remove the stale label or comment, or it will be closed in 365 days.