Conversation

@andyzhangx
Member

What type of PR is this?
/kind failing-test

What this PR does / why we need it:
test: fix CVE-2025-47912 error

azurediskplugin (gobinary)
==========================
Total: 10 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 10, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-47912 │ HIGH     │ fixed  │ v1.24.6           │ 1.24.8, 1.25.2 │ [net/url: insufficient validation of bracketed IPv6        │
│         │                │          │        │                   │                │ hostnames]                                                 │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-47912                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58183 │          │        │                   │                │ [archive/tar: unbounded allocation when parsing GNU sparse │
│         │                │          │        │                   │                │ map]                                                       │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58183                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58185 │          │        │                   │                │ [encoding/asn1: pre-allocating memory when parsing DER     │
│         │                │          │        │                   │                │ payload can cause memory exhaustion]                       │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58185                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58186 │          │        │                   │                │ [net/http: lack of limit when parsing cookies can cause    │
│         │                │          │        │                   │                │ memory exhaustion]                                         │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58186                 │
│         ├────────────────┤          │        │                   ├────────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58187 │          │        │                   │ 1.24.9, 1.25.3 │ [crypto/x509: quadratic complexity when checking name      │
│         │                │          │        │                   │                │ constraints]                                               │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58187                 │
│         ├────────────────┤          │        │                   ├────────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58188 │          │        │                   │ 1.24.8, 1.25.2 │ [crypto/x509: panic when validating certificates with DSA  │
│         │                │          │        │                   │                │ public keys]                                               │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58188                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58189 │          │        │                   │                │ [crypto/tls: ALPN negotiation errors can contain arbitrary │
│         │                │          │        │                   │                │ text]                                                      │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58189                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61723 │          │        │                   │                │ [encoding/pem: quadratic complexity when parsing some      │
│         │                │          │        │                   │                │ invalid inputs]                                            │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61723                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61724 │          │        │                   │                │ [net/textproto: excessive CPU consumption in               │
│         │                │          │        │                   │                │ Reader.ReadResponse]                                       │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61724                 │
│         ├────────────────┤          │        │                   │                ├────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61725 │          │        │                   │                │ [net/mail: excessive CPU consumption in ParseAddress]      │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61725                 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴────────────────────────────────────────────────────────────┘

📣 Notices:
  - Version 0.67.2 of Trivy is now available, current version is 0.65.0

To suppress version checks, run Trivy scans with the --skip-version-check flag

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

@k8s-ci-robot k8s-ci-robot added kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 30, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested review from cvvz and feiskyer October 30, 2025 08:16
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 30, 2025
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 30, 2025
@andyzhangx andyzhangx merged commit 3832e07 into kubernetes-sigs:master Oct 30, 2025
21 of 22 checks passed
@andyzhangx
Member Author

/cherrypick release-1.27

@andyzhangx
Member Author

/cherrypick release-1.26

@andyzhangx
Member Author

/cherrypick release-1.25

@k8s-infra-cherrypick-robot

@andyzhangx: new pull request created: #2223

In response to this:

/cherrypick release-1.27

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot

@andyzhangx: new pull request created: #2224

In response to this:

/cherrypick release-1.26

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot

@andyzhangx: new pull request created: #2225

In response to this:

/cherrypick release-1.25

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
