Skip to content

[GHSA-vffh-x6r8-xx99] [CVE-2026-40179] Doesn't show all remediated versions (particularly v3.5.2's go counterpart v0.305.2) #7537

Open
Open
[GHSA-vffh-x6r8-xx99] [CVE-2026-40179] Doesn't show all remediated versions (particularly v3.5.2's go counterpart v0.305.2)#7537
@MartinFalatic

Description

@MartinFalatic
MartinFalatic
opened on Apr 28, 2026

Considering the advisory GHSA-vffh-x6r8-xx99

We see
https://github.com/prometheus/prometheus/releases/tag/v3.5.2 remediates this, but the patched versions don't accurately reflect this fact (they only show the 0.311.2 patch, not the 0.305.2 LTS patch for the Go module)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions