Open
Description
Report ID
GO-2025-3437
Suggestion/Comment
As stated on GHSA-274v-mgcv-cm8j this GO vulnerability has a resolution.
The fix is in argoproj/gitops-engine@7e21b91
The last affected is argoproj/gitops-engine@d78929e
Meaning github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f
module version is first fixed version.
And github.com/argoproj/gitops-engine v0.7.1-0.20250124211812-d78929e7f6c7
module version is last affected.
Also see:
- [GHSA-274v-mgcv-cm8j] Argo CD GitOps Engine does not scrub secret values from patch errors github/advisory-database#5689
- [GHSA-274v-mgcv-cm8j] Argo CD GitOps Engine does not scrub secret values from patch errors github/advisory-database#5721
- Improve GHSA-274v-mgcv-cm8j github/advisory-database#5723
- Additional version affected ranges for GHSA-274v-mgcv-cm8j argoproj/gitops-engine#736
- x/vulndb: suggestion regarding GO-2025-3437 #3760