Closed
Description
When running `govulncheck` on this codebase the following vulnerability is being reported:

```
Vulnerability #1: GO-2025-3553
Excessive memory allocation during header parsing in
github.com/golang-jwt/jwt
More info: https://pkg.go.dev/vuln/GO-2025-3553
Module: github.com/golang-jwt/jwt
Found in: github.com/golang-jwt/[email protected]+incompatible
Fixed in: N/A
```

This issue has been patched: GHSA-mh63-6h87-95cp

When running `go mod why github.com/golang-jwt/jwt` we get the following chain, which indicates the source of the issue is in DefangLabs/secret-detector:

```
github.com/docker/compose/v2/pkg/compose
github.com/DefangLabs/secret-detector/pkg/scanner
github.com/DefangLabs/secret-detector/pkg/detectors/jwt
github.com/golang-jwt/jwt
```

DefangLabs/secret-detector has no way to open an issue on the affected repo. I'm also not sure of the significance of that package on this codebase.
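
The triage step described above, as an added example that is not part of the original issue or of either project's code: a Go program that parses `go mod why` output and reports which direct dependency brings the flagged package in and which package imports it. The helper names `ParseWhy` and `Introducer` are hypothetical, the sample input is constructed from the chain quoted in the issue, and the main module path `github.com/docker/compose/v2` is an assumption read off the chain's first line.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample shaped like the chain in the issue; the main module path used in main() is assumed from its first line.
const sampleWhy = `# github.com/golang-jwt/jwt
github.com/docker/compose/v2/pkg/compose
github.com/DefangLabs/secret-detector/pkg/scanner
github.com/DefangLabs/secret-detector/pkg/detectors/jwt
github.com/golang-jwt/jwt
`

// ParseWhy (hypothetical helper) maps each "# target" header to the import chain listed under it.
// "(main module does not need ...)" notes leave the target with no chain.
func ParseWhy(out string) map[string][]string {
	chains := map[string][]string{}
	target := ""
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "# ") {
			target = strings.TrimPrefix(line, "# ")
			chains[target] = nil
		} else if line != "" && line[0] != '(' && target != "" {
			chains[target] = append(chains[target], line)
		}
	}
	return chains
}

// Introducer (hypothetical helper) returns the first package outside mainModule (the direct
// dependency to upgrade or replace) and the package that imports the target itself.
func Introducer(pkgs []string, mainModule string) (direct, importer string) {
	if n := len(pkgs); n >= 2 {
		importer = pkgs[n-2]
	}
	for _, p := range pkgs {
		if p != mainModule && !strings.HasPrefix(p, mainModule+"/") {
			return p, importer
		}
	}
	return "", importer
}

func main() {
	d, imp := Introducer(ParseWhy(sampleWhy)["github.com/golang-jwt/jwt"], "github.com/docker/compose/v2")
	fmt.Printf("enters via %s, imported directly by %s\n", d, imp)
}
```

When both results fall under the same third-party repository, as they do here, the remediation has to come from that dependency (an upgrade, a replacement, or dropping it) rather than from the main module's own imports.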