
CVE (CVE-2025-47907) in golang/stdlib

Open Vooperino opened this issue 3 months ago • 3 comments

Hi!

After running the AquaSec Trivy scanner tool, I found a CVE (CVE-2025-47907) in golang/stdlib that has been marked as HIGH or RedHat/V3 7 MODERATE. This CVE exists starting from version 0.2.34 of supercronic.

AquaSec AVD Link: https://avd.aquasec.com/nvd/2025/cve-2025-47907/


Thanks

Vooperino, Sep 15 '25 08:09

There is a pull request for the issue: https://github.com/aptible/supercronic/pull/196

Unfortunately, no response.

Best regards

larsteuber, Sep 16 '25 13:09

The author will need to re-compile with the latest stdlib.

tkocou, Sep 23 '25 17:09

Fixed in our scans on v0.2.38

https://github.com/aptible/supercronic/releases/tag/v0.2.38

devops-cafex, Oct 13 '25 07:10