CVE-2025-59823
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws
Related Resources
References
https://github.com/gardener/gardener-extension-provider-aws/security/advisories/GHSA-227x-7mh8-3cf6
https://nvd.nist.gov/vuln/detail/CVE-2025-59823
https://github.com/gardener/gardener-extension-provider-aws/commit/cb5045fc146248296994804bbfe27bd896938bf2
https://github.com/gardener/gardener-extension-provider-azure/commit/4573a4404969f89781ed6cf72e90554bc6ae2020
https://github.com/gardener/gardener-extension-provider-gcp/commit/51111b4f60c33c60dfdf18b1fc50f7ec8d8f70ac
https://github.com/gardener/gardener-extension-provider-openstack/commit/2ed6f0fe1be90fbef5d6093eb0b8325c8421b8d8
https://github.com/gardener/gardener-extension-provider-aws/releases/tag/v1.64.0
https://github.com/gardener/gardener-extension-provider-azure/releases/tag/v1.55.0
https://github.com/gardener/gardener-extension-provider-gcp/releases/tag/v1.46.0
https://github.com/gardener/gardener-extension-provider-openstack/releases/tag/v1.49.0
