CLEANSTART-2026-TN07413

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-TN07413.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-TN07413
Upstream
  • CVE-2026-25679
  • CVE-2026-27139
  • CVE-2026-27142
  • CVE-2026-34986
  • ghsa-6g7g-w4f8-9c9x
  • ghsa-9h8m-3fm2-qjrq
  • ghsa-fw7p-63qq-7hpr
  • ghsa-p77j-4mvh-x3m3
  • ghsa-q9hv-hpm4-hj6x
  • ghsa-xmrv-pmrh-hhx2
Published
2026-04-09T00:43:07.545336Z
Modified
2026-05-20T18:15:06.476864803Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web To...
Details

Multiple security vulnerabilities affect the terragrunt-fips package. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. See references for individual vulnerability details.

References

Affected packages

CleanStart / terragrunt-fips

Package

Name
terragrunt-fips

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.97.2-r4

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-TN07413.json"