UNCLASSIFIED - NO CUI

Skip to content

Critical CVEs present in ironbank-pipeline/pipeline-runner-alpine-dev:25 packages

pipeline-runner-alpine-dev:25 has the following Critical mitigated (but high residual risk where any authenticated user can exploit) vulnerabilities that need patching:

Package Version Fixed Version CVE
github.com/go-git/go-git/v5 5.12.0 >=5.13.0 CVE-2025-21613
golang.org/x/crypto 0.27.0 >=0.31.0 CVE-2024-45337
h11 0.14.0 >=0.16.0 CVE-2025-43859
go 1.23.5 >=1.23.8, >=1.24.2 CVE-2025-22871
stdlib go1.22.10 >=1.23.8, >=1.24.2 CVE-2025-22871
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI