GO-2025-3981

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2025-3981

Import Source

https://vuln.go.dev/ID/GO-2025-3981.json

JSON Data

https://api.test.osv.dev/v1/vulns/GO-2025-3981

Aliases

Published

2025-10-23T16:25:09Z

Modified

2025-10-23T16:58:55.154414Z

Summary

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws

Details

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2025-3981",
    "review_status": "UNREVIEWED"
}

References

Affected packages

Go

github.com/gardener/gardener-extension-provider-aws

Package

Name: github.com/gardener/gardener-extension-provider-aws; View open source insights on deps.dev
Purl: pkg:golang/github.com/gardener/gardener-extension-provider-aws

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.64.0

github.com/gardener/gardener-extension-provider-azure

Package

Name: github.com/gardener/gardener-extension-provider-azure; View open source insights on deps.dev
Purl: pkg:golang/github.com/gardener/gardener-extension-provider-azure

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.55.0

github.com/gardener/gardener-extension-provider-gcp

Package

Name: github.com/gardener/gardener-extension-provider-gcp; View open source insights on deps.dev
Purl: pkg:golang/github.com/gardener/gardener-extension-provider-gcp

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.46.0

github.com/gardener/gardener-extension-provider-openstack

Package

Name: github.com/gardener/gardener-extension-provider-openstack; View open source insights on deps.dev
Purl: pkg:golang/github.com/gardener/gardener-extension-provider-openstack

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.49.0