GO-2025-4101
- Source
- https://pkg.go.dev/vuln/GO-2025-4101
- Import Source
- https://vuln.go.dev/ID/GO-2025-4101.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2025-4101
- Aliases
- Related
- Published
- 2025-11-17T19:11:23Z
- Modified
- 2026-02-04T03:37:15.495454Z
- Summary
- OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses in github.com/opentofu/opentofu
- Details
-
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses in github.com/opentofu/opentofu
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2025-4101", "review_status": "UNREVIEWED" }- References
-
- https://github.com/opentofu/opentofu/security/advisories/GHSA-w2jf-268q-mrvh
- https://github.com/opentofu/opentofu/pull/3467
- https://github.com/opentofu/opentofu/issues/3458
- https://github.com/opentofu/opentofu/issues/3462
- https://github.com/opentofu/opentofu/issues/3464
- https://github.com/opentofu/opentofu/issues/3465
- https://github.com/opentofu/opentofu/releases/tag/v1.10.7
- https://www.cve.org/CVERecord?id=CVE-2025-58183
- https://www.cve.org/CVERecord?id=CVE-2025-58185
- https://www.cve.org/CVERecord?id=CVE-2025-58187
- https://www.cve.org/CVERecord?id=CVE-2025-58188
Affected packages
Go / github.com/opentofu/opentofu
Package
- Name
- github.com/opentofu/opentofu
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/opentofu/opentofu