GHSA-594f-3595-c47v

Suggest an improvement
Source
https://github.com/advisories/GHSA-594f-3595-c47v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-594f-3595-c47v/GHSA-594f-3595-c47v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-594f-3595-c47v
Published
2026-03-18T12:59:01Z
Modified
2026-03-18T13:01:30.219977Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121
Details

Summary

The terraform-provider-argocd might have been vulnerable to GO-2026-4337 / CVE-2025-68121 ("Unexpected session resumption in crypto/tls").

Details

See https://pkg.go.dev/vuln/GO-2026-4337 for the upstream vulnerability.

Provider versions starting with v7.15.1 are using go 1.25.8 for building and are thus no longer affected.

Database specific 
{
    "github_reviewed_at": "2026-03-18T12:59:01Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-1395",
        "CWE-295"
    ],
    "nvd_published_at": null,
    "severity": "MODERATE"
}
References

Affected packages

Go / github.com/argoproj-labs/terraform-provider-argocd

Package

Name
github.com/argoproj-labs/terraform-provider-argocd
View open source insights on deps.dev
Purl
pkg:golang/github.com/argoproj-labs/terraform-provider-argocd

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.3-0.20260316182343-b3364f3f32e7

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-594f-3595-c47v/GHSA-594f-3595-c47v.json"