Vulnerability Reportprom/statsd-exporter:v0.25.0

prom/statsd-exporter:v0.25.0

DIGESTsha256:9ecba4cbd72d00c47922c35a996118e433200c36d806c44691bf07e0f7fa48cc

Executive Summary

Threat ScoreCAUTION• 88 total vulnerabilities detected, including 20 with severity ≥6.0 and 3 with severity ≥7.0.• Exposed high-severity CVEs: CVE-2024-24790 (7.84) related to IP address classification and CVE-2023-45288 (7.8) for HTTP/2 denial of service.• Image is pinned by digest and from a popular community publisher (120M+ pulls) but lacks official verification.• No post-exploit vulnerabilities found, limiting risk to exposed surface only.

74/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (121M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service via HTTP/2 CONTINUATION frames (CVE-2023-45288) if HTTP/2 is enabled, or exploit memory exhaustion from excessive query parameters (CVE-2025-61726). Disabling HTTP/2 fully mitigates CVE-2023-45288; note that HTTP/2 is only active if TLS is configured. The container also exposes potential IP filtering bypass via CVE-2024-24790, but direct exploitation is limited. All 88 vulnerabilities are on the exposed surface, with no post-exploit issues.

Vulnerabilities

Vulnerability Log

100 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-24790	HIGH7.84	stdlib v1.19.12 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2023-45288	HIGH7.8	golang.org/x/net v0.17.0 fixed in 0.23.0	92.0% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2023-45288	HIGH7.8	stdlib v1.19.12 fixed in 1.21.9, 1.22.2	92.0% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2025-68121	MEDIUM6.8	stdlib v1.19.12 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39829	MEDIUM6.38	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39830	MEDIUM6.38	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	golang.org/x/net v0.17.0 fixed in 0.53.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.19.12 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42508	MEDIUM6.29	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-46595	MEDIUM6.03	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2023-39325	MEDIUM6	stdlib v1.19.12 fixed in 1.20.10, 1.21.3	3.8% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2023-45287	MEDIUM6	stdlib v1.19.12 fixed in 1.20.0	1.3% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-47907	MEDIUM5.95	stdlib v1.19.12 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24786	MEDIUM5.9	google.golang.org/protobuf v1.31.0 fixed in 1.33.0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-24791	MEDIUM5.9	stdlib v1.19.12 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Directly Exposed
CVE-2024-34158	MEDIUM5.9	stdlib v1.19.12 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.19.12 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.17.0 fixed in 0.38.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-24785	MEDIUM5.52	stdlib v1.19.12 fixed in 1.21.8, 1.22.1	0.8% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.19.12 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.19.12 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.19.12 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24784	MEDIUM5.4	stdlib v1.19.12 fixed in 1.21.8, 1.22.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2023-39326	MEDIUM5.3	stdlib v1.19.12 fixed in 1.20.12, 1.21.5	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-45289	MEDIUM5.3	stdlib v1.19.12 fixed in 1.21.8, 1.22.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-45290	MEDIUM5.3	stdlib v1.19.12 fixed in 1.21.8, 1.22.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-39318	MEDIUM5.18	stdlib v1.19.12 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39319	MEDIUM5.18	stdlib v1.19.12 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.19.12 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM5.1	stdlib v1.19.12 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-24783	MEDIUM5.02	stdlib v1.19.12 fixed in 1.21.8, 1.22.1	0.7% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.19.12 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.19.12 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2024-24789	MEDIUM4.67	stdlib v1.19.12 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.19.12 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.19.12 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.19.12 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.14.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.14.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-46598	MEDIUM4.5	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-47911	MEDIUM4.5	golang.org/x/net v0.17.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58190	MEDIUM4.5	golang.org/x/net v0.17.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2023-45284	MEDIUM4.5	stdlib v1.19.12 fixed in 1.20.11, 1.21.4	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.19.12 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.19.12 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.19.12 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	golang.org/x/net v0.17.0 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.19.12 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.19.12 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45337	LOW2.95	golang.org/x/crypto v0.14.0 fixed in 0.31.0	3.1% Low-Moderate Risk	Post-Exploit
CVE-2023-48795	LOW2.76	golang.org/x/crypto v0.14.0 fixed in 0.17.0	93.3% Actively Exploited	Post-Exploit
CVE-2023-45283	LOW2.7	stdlib v1.19.12 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5	2.8% Low-Moderate Risk	Post-Exploit
CVE-2024-34156	LOW2.7	stdlib v1.19.12 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-39828	LOW2.69	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39821	LOW2.51	golang.org/x/net v0.17.0 fixed in 0.55.0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-22869	LOW2.29	golang.org/x/crypto v0.14.0 fixed in 0.35.0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-47913	LOW2.29	golang.org/x/crypto v0.14.0 fixed in 0.43.0	0.6% Theoretical Threat	Post-Exploit
CVE-2024-45338	LOW2.29	golang.org/x/net v0.17.0 fixed in 0.33.0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-22868	LOW2.29	golang.org/x/oauth2 v0.8.0 fixed in 0.27.0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-58183	LOW2.29	stdlib v1.19.12 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.19.12 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.19.12 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-39827	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.14.0 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.17.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.17.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.17.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.17.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.17.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.13.0 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.19.12 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.19.12 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.19.12 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.19.12 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable