GO-2025-3798
- Source
- https://pkg.go.dev/vuln/GO-2025-3798
- Import Source
- https://vuln.go.dev/ID/GO-2025-3798.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2025-3798
- Aliases
-
- CVE-2025-6224
- GHSA-h34r-jxqm-qgpr
- Published
- 2025-07-28T19:57:06Z
- Modified
- 2025-07-28T20:30:22.249251Z
- Summary
- Leaks private key in certs in github.com/juju/utils
- Details
-
Leaks private key in certs in github.com/juju/utils
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2025-3798" }- References
Affected packages
Go / github.com/juju/utils
Package
- Name
- github.com/juju/utils
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/juju/utils
Go / github.com/juju/utils/v2
Package
- Name
- github.com/juju/utils/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/juju/utils/v2
Go / github.com/juju/utils/v3
Package
- Name
- github.com/juju/utils/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/juju/utils/v3
Go / github.com/juju/utils/v4
Package
- Name
- github.com/juju/utils/v4
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/juju/utils/v4
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.4
Ecosystem specific
{
"imports": [
{
"symbols": [
"Client.Password",
"Client.Ping",
"Client.Run",
"Client.Secure",
"ClientConfig.Validate",
"ClientConfig.password",
"NewClient",
"NewX509",
"TTYGetPasswd",
"X509.CACert",
"X509.ClientCert",
"X509.ClientKey",
"X509.LoadCACert",
"X509.LoadClientCert",
"X509.Reset",
"X509.read",
"X509.write",
"confExists",
"newCredentials"
],
"path": "github.com/juju/utils/v4/winrm"
},
{
"symbols": [
"NewCA",
"NewClientCert",
"NewLeaf",
"bigIntHash",
"getPublicKey",
"newSerialNumber"
],
"path": "github.com/juju/utils/v4/cert"
}
]
}