{"id":"GO-2025-3981","summary":"Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws","details":"Gardener provider extensions are vulnerable to code injection when Terraform is used for infrastructure provisioning. The affected modules are github.com/gardener/gardener-extension-provider-aws (fixed in 1.64.0), github.com/gardener/gardener-extension-provider-azure (fixed in 1.55.0), github.com/gardener/gardener-extension-provider-gcp (fixed in 1.46.0) and github.com/gardener/gardener-extension-provider-openstack (fixed in 1.49.0); every earlier version of each module is in the affected range.","aliases":["CVE-2025-59823","GHSA-227x-7mh8-3cf6"],"modified":"2026-03-03T04:56:56.726123Z","published":"2025-10-23T16:25:09Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3981"},"references":[{"type":"ADVISORY","url":"https://github.com/gardener/gardener-extension-provider-aws/security/advisories/GHSA-227x-7mh8-3cf6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59823"},{"type":"FIX","url":"https://github.com/gardener/gardener-extension-provider-aws/commit/cb5045fc146248296994804bbfe27bd896938bf2"},{"type":"FIX","url":"https://github.com/gardener/gardener-extension-provider-azure/commit/4573a4404969f89781ed6cf72e90554bc6ae2020"},{"type":"FIX","url":"https://github.com/gardener/gardener-extension-provider-gcp/commit/51111b4f60c33c60dfdf18b1fc50f7ec8d8f70ac"},{"type":"FIX","url":"https://github.com/gardener/gardener-extension-provider-openstack/commit/2ed6f0fe1be90fbef5d6093eb0b8325c8421b8d8"},{"type":"WEB","url":"https://github.com/gardener/gardener-extension-provider-aws/releases/tag/v1.64.0"},{"type":"WEB","url":"https://github.com/gardener/gardener-extension-provider-azure/releases/tag/v1.55.0"},{"type":"WEB","url":"https://github.com/gardener/gardener-extension-provider-gcp/releases/tag/v1.46.0"},{"type":"WEB","url":"https://github.com/gardener/gardener-extension-provider-openstack/releases/tag/v1.49.0"}],"affected":[{"package":{"name":"github.com/gardener/gardener-extension-provider-aws","ecosystem":"Go","purl":"pkg:golang/github.com/gardener/gardener-extension-provider-aws"},"ranges":[{"type":"SEMVER","events":[{"introdu
ced":"0"},{"fixed":"1.64.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3981.json"}},{"package":{"name":"github.com/gardener/gardener-extension-provider-azure","ecosystem":"Go","purl":"pkg:golang/github.com/gardener/gardener-extension-provider-azure"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.55.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3981.json"}},{"package":{"name":"github.com/gardener/gardener-extension-provider-gcp","ecosystem":"Go","purl":"pkg:golang/github.com/gardener/gardener-extension-provider-gcp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.46.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3981.json"}},{"package":{"name":"github.com/gardener/gardener-extension-provider-openstack","ecosystem":"Go","purl":"pkg:golang/github.com/gardener/gardener-extension-provider-openstack"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.49.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3981.json"}}],"schema_version":"1.7.3"}