GO-2025-3815

Source
https://pkg.go.dev/vuln/GO-2025-3815
Import Source
https://vuln.go.dev/ID/GO-2025-3815.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2025-3815
Aliases
Published
2025-07-29T18:49:33Z
Modified
2025-07-29T19:12:09.706196Z
Summary
melange's world-writable permissions expose SBOM files to potential image tampering in chainguard.dev/melange
Details

melange's world-writable permissions expose SBOM files to potential image tampering in chainguard.dev/melange

Database specific
{
    "review_status": "UNREVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2025-3815"
}
References

Affected packages

Go / chainguard.dev/melange

Package

Name
chainguard.dev/melange
View open source insights on deps.dev
Purl
pkg:golang/chainguard.dev/melange

Affected ranges

Type
SEMVER
Events
Introduced
0.23.0
Fixed
0.29.5