openSUSE-SU-2026:20239-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20239-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2026:20239-1
Upstream
Related
Published
2026-02-17T09:54:15Z
Modified
2026-03-23T04:54:48.446847Z
Summary
Security update for golang-github-prometheus-prometheus
Details

This update for golang-github-prometheus-prometheus fixes the following issues:

  • CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)
  • CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)
  • CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)
References

Affected packages

openSUSE:Leap 16.0 / golang-github-prometheus-prometheus

Package

Name
golang-github-prometheus-prometheus
Purl
pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.0-160000.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "golang-github-prometheus-prometheus": "3.5.0-160000.2.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20239-1.json"