Security Report on Vulnerabilities Identified Through Prisma Scan #102
Description
1. Introduction
This report summarizes the vulnerabilities identified through the Prisma scan conducted.
The identified vulnerabilities have been categorized based on their severity levels, potential impacts, and recommended actions for remediation.
2. Vulnerabilities
2.1 Critical Vulnerabilities
Vulnerability: CVE-2025-68121
Description: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
2.1 High Vulnerabilities
Vulnerability: CVE-2026-27142
Description: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
3. How to reproduce it (as minimally and precisely as possible):
Scan your image via Prisma and you will see the issues.
Affected versions: v0.6.0
4. Conclusion
The Prisma scan identified several vulnerabilities in the environment.
Immediate attention should be given to critical and high-severity vulnerabilities to mitigate potential risks.
Medium and low-severity vulnerabilities should also be addressed in a timely manner to strengthen the security posture.
Continuous monitoring and regular vulnerability assessments are recommended to ensure ongoing security.
Please review this report and prioritize the remediation efforts accordingly.