
CVE-2025-11579

Open aep-sunlife opened this issue 2 months ago • 1 comments

Snyk reports a vulnerability CVE-2025-11579 in the jfrog-client-go library, arising from a github.com/nwaples/rardecode dependency.

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNWAPLESRARDECODE-13537507

Why does a REST client need a RAR library at all?

aep-sunlife, Oct 29 '25 19:10

It's a medium security issue, from an indirect dependency. We'll evaluate bumping it; in the meantime, if you use this library, you can also bump the indirect dependency in your project.

RemiBou, Oct 29 '25 20:10
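An added example, not part of the thread or of jfrog-client-go: one way a consuming project can see which require chain pulls in github.com/nwaples/rardecode and then override the indirect dependency, as the reply suggests. The helper name `dep_chain`, the sample graph and the `<FIXED_VERSION>` placeholder are assumptions; take the fixed version from the Snyk advisory linked above.

```shell
#!/bin/sh
# dep_chain TARGET: read `go mod graph` output on stdin (lines of
# "requirer@version required@version"; the main module has no version) and
# print one require chain from the main module down to TARGET.
# Exits non-zero when TARGET is not in the graph.
dep_chain() {
  awk -v target="$1" '
    {
      if (!($2 in parent)) parent[$2] = $1       # first requirer seen per node
      split($2, p, "@")
      if (p[1] == target && hit == "") hit = $2  # first version of TARGET seen
    }
    END {
      if (hit == "") exit 1
      chain = hit; node = hit; seen[node] = 1
      while (node in parent) {
        node = parent[node]
        if (node in seen) break                  # requirement cycles do occur
        seen[node] = 1
        chain = node " -> " chain
      }
      print chain
    }'
}

# Constructed sample graph (hypothetical module names and versions), shaped
# like real `go mod graph` output, so the helper can be tried offline.
SAMPLE_GRAPH='example.com/app github.com/jfrog/jfrog-client-go@v0.0.0-sample
example.com/app example.com/logging@v0.0.0-sample
github.com/jfrog/jfrog-client-go@v0.0.0-sample example.com/archive-helper@v0.0.0-sample
example.com/archive-helper@v0.0.0-sample github.com/nwaples/rardecode@v0.0.0-sample'

printf '%s\n' "$SAMPLE_GRAPH" | dep_chain github.com/nwaples/rardecode

# In a real project, from the directory containing go.mod:
#   go mod graph | dep_chain github.com/nwaples/rardecode
#   go mod why -m github.com/nwaples/rardecode
#   go get github.com/nwaples/rardecode@<FIXED_VERSION>   # placeholder version
#   go mod tidy
#   go list -m github.com/nwaples/rardecode               # confirm selected version
```

`go get` on a module you do not import directly records it in go.mod with an `// indirect` comment, and Go's minimal version selection then uses that version for the whole build.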