Closed
Description
Vulnerability Description
Trivy security scan detected a HIGH severity vulnerability in the helm-diff plugin binary.
CVE ID: CVE-2025-47907
Severity: HIGH
Component: stdlib (Go standard library)
Current Version: v1.24.5
Fixed Version: 1.23.12, 1.24.6
Vulnerability Details
Title: database/sql: Postgres Scan Race Condition
Reference: https://avd.aquasec.com/nvd/cve-2025-47907
Affected Binary
root/.local/share/helm/plugins/helm-diff/diff/bin/diff (gobinary)
Scan Output
Total: 1 (HIGH: 1, CRITICAL: 0)
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼────────────────────────────────────────────┤
│ stdlib │ CVE-2025-47907 │ HIGH │ fixed │ v1.24.5 │ 1.23.12, 1.24.6 │ database/sql: Postgres Scan Race Condition │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-47907 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴────────────────────────────────────────────┘
Remediation
Please update the Go version used to build the helm-diff plugin to at least:
- Go 1.23.12 (if using 1.23.x series)
- Go 1.24.6 (if using 1.24.x series)
This will resolve the vulnerability in the Go standard library's database/sql package.
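As an added verification step (example code, not part of this issue or the helm-diff project): a small Go program that reads the build information the Go linker embeds in a binary, which is the same metadata Trivy's gobinary scanner inspects, and reports whether the toolchain that built the plugin is at or above the fixed versions listed above. It assumes the binary path is passed as the only argument and that any series newer than 1.24 already ships the fix.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"strconv"
	"strings"
)

var fixedPatch = map[int]int{23: 12, 24: 6} // patched releases per 1.x series, from the report above
const newestFixedSeries = 24                 // assumption: later series were cut after the fix

// parseGoVersion turns "go1.24.5" into (24, 5); "go1.25rc1" or "devel ..." give ok=false.
func parseGoVersion(v string) (minor, patch int, ok bool) {
	parts := strings.Split(strings.TrimPrefix(v, "go"), ".")
	if len(parts) != 3 || parts[0] != "1" {
		return 0, 0, false
	}
	minor, err1 := strconv.Atoi(parts[1])
	patch, err2 := strconv.Atoi(parts[2])
	return minor, patch, err1 == nil && err2 == nil
}

// stdlibFixed reports whether a binary built with toolchain v carries the patched database/sql.
func stdlibFixed(v string) bool {
	minor, patch, ok := parseGoVersion(v) // unparseable strings are never treated as patched
	if want, listed := fixedPatch[minor]; ok && listed {
		return patch >= want
	}
	return ok && minor > newestFixedSeries
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: gocheck <path-to-go-binary>")
	}
	bi, err := buildinfo.ReadFile(os.Args[1]) // linker-embedded build info, the data Trivy reads
	if err != nil {
		log.Fatal("not a Go binary: ", err)
	}
	fixed := stdlibFixed(bi.GoVersion)
	fmt.Printf("%s built with %s, patched for CVE-2025-47907: %v\n", os.Args[1], bi.GoVersion, fixed)
	if !fixed {
		os.Exit(1) // non-zero exit so a CI gate fails until the plugin is rebuilt with Go 1.23.12+/1.24.6+
	}
}
```

Run it against the plugin binary from the report (`root/.local/share/helm/plugins/helm-diff/diff/bin/diff`) before and after rebuilding to confirm the embedded toolchain version actually changed.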
Environment
- Scanner: Trivy
- Detection Date: 2025-10-10
- Plugin Location: .local/share/helm/plugins/helm-diff/
Thank you for maintaining this plugin!