[GH-ISSUE #218] Vuln in stdlib, CVE-2025-22874 (HIGH) #43

New issue

Closed

opened 2026-02-26 18:33:03 +03:00 by kerem · 2 comments

kerem commented 2026-02-26 18:33:03 +03:00

Owner

Copy link

Originally created by @benni-as on GitHub (Jun 18, 2025).
Original GitHub issue: https://github.com/decke/smtprelay/issues/218

This week, our trivy scanner reported a vulnerability in stdlib with CVE-2025-22874 and a severity rating of HIGH. Could you please address this? Thank you.

We are using the latest release v1.12.0.

Originally created by @benni-as on GitHub (Jun 18, 2025). Original GitHub issue: https://github.com/decke/smtprelay/issues/218 This week, our trivy scanner reported a vulnerability in stdlib with CVE-2025-22874 and a severity rating of HIGH. Could you please address this? Thank you. We are using the latest release v1.12.0.

kerem closed this issue 2026-02-26 18:33:03 +03:00

kerem commented 2026-02-26 18:33:03 +03:00

Author

Owner

Copy link

@decke commented on GitHub (Jun 19, 2025):

This is a false positive. The library might be affected but neither smtprelay nor any dependency is using ExtKeyUsageAny.

<!-- gh-comment-id:2986799062 --> @decke commented on GitHub (Jun 19, 2025): This is a false positive. The library might be affected but neither smtprelay nor any dependency is using ExtKeyUsageAny.

kerem commented 2026-02-26 18:33:03 +03:00

Author

Owner

Copy link

@benni-as commented on GitHub (Jun 19, 2025):

@decke Thanks for looking into it.

<!-- gh-comment-id:2988211350 --> @benni-as commented on GitHub (Jun 19, 2025): @decke Thanks for looking into it.

kerem referenced this issue 2026-02-26 18:33:17 +03:00

[PR #43] [MERGED] Bump actions/checkout from 2.3.4 to 2.3.5 #83

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/github.com/rs/zerolog-1.35.1

dependabot/go_modules/github.com/DeRuina/timberjack-1.4.2

dependabot/go_modules/github.com/chrj/smtpd-1.0.0

dependabot/github_actions/step-security/harden-runner-2.19.0

dependabot/github_actions/github/codeql-action-4.35.2

add-service

v1.13.2

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.0

v1.5.0

v1.4.0

v1.3.0

v1.2.0

v1.1.0

v1.0.1

v1.0.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/smtprelay#43

No description provided.