During the latest Trivy scan, multiple vulnerabilities were found in the migrate:v4.19.0 image.
Below is the detailed report:
| Library | Vulnerability | Severity | Installed Version | Fixed Version | Description |
|---|---|---|---|---|---|
| stdlib | CVE-2025-58183 | HIGH | 1.24.6 | 1.24.8, 1.25.2 | golang: archive/tar unbounded allocation when parsing GNU sparse map |
| stdlib | CVE-2025-58186 | HIGH | 1.24.6 | - | Despite HTTP headers having a default limit of 1MB, the number of headers may cause excessive memory usage |
| stdlib | CVE-2025-58187 | HIGH | 1.24.6 | 1.24.9, 1.25.3 | Name constraint checking algorithm may allow invalid certificates |
| stdlib | CVE-2025-58188 | HIGH | 1.24.6 | 1.24.8, 1.25.2 | Certificate chain validation with DSA keys may cause unexpected behavior |
| stdlib | CVE-2025-47912 | MEDIUM | 1.24.6 | - | net/url: insufficient validation of bracketed IPv6 hostnames |
| stdlib | CVE-2025-58185 | HIGH | 1.24.6 | - | encoding/asn1: DER parsing may cause memory exhaustion |
| stdlib | CVE-2025-58189 | HIGH | 1.24.6 | - | crypto/tls: ALPN negotiation error exposes attacker-controlled data |
| stdlib | CVE-2025-61723 | HIGH | 1.24.6 | - | encoding/pem: Quadratic complexity when parsing malformed inputs |
| stdlib | CVE-2025-61724 | HIGH | 1.24.6 | - | net/textproto: Excessive CPU consumption in Reader.ReadResponse |
| stdlib | CVE-2025-61725 | HIGH | 1.24.6 | - | net/mail: Excessive CPU consumption in ParseAddress |
@dhui This is blocking our CI pipeline due to HIGH CVEs.
Please check and provide an ETA for when we can expect a new version.