Vulnerability Report: prom/statsd-exporter:v0.26.1

DIGEST: sha256:065c4d566c4ca1f0dacdc4247c2446a2c5514d7c222972445c60d1c08482b005

Executive Summary

Threat Score: 83/100 (DANGEROUS)
Reputation: RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. The top vulnerabilities include CVE-2024-24790 (IP validation bypass, CVSS 7.84) and CVE-2023-45288 (HTTP/2 DoS, CVSS 7.8), both remotely exploitable without authentication. Additionally, CVE-2025-61726 allows memory exhaustion via crafted query parameters, directly impacting the metrics endpoint. Disabling HTTP/2 can fully mitigate CVE-2023-45288, but the other critical issues remain. Note that CVE-2024-24790 may require specific IPv6 configurations to be exploitable, but the risk is still unacceptable for production use.

Vulnerabilities

Vulnerability Log

86 total
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2024-24790 | HIGH 7.84 | stdlib v1.21.8 (fixed in 1.21.11, 1.22.4) | 2.0% (Low-Moderate Risk) | Directly Exposed; Context importance: MEDIUM |
| CVE-2023-45288 | HIGH 7.8 | golang.org/x/net v0.20.0 (fixed in 0.23.0) | 92.0% (Actively Exploited) | Directly Exposed; Context importance: MEDIUM |
| CVE-2023-45288 | HIGH 7.8 | stdlib v1.21.8 (fixed in 1.21.9, 1.22.2) | 92.0% (Actively Exploited) | Directly Exposed; Context importance: MEDIUM |
| CVE-2025-68121 | MEDIUM 6.8 | stdlib v1.21.8 (fixed in 1.24.13, 1.25.7, 1.26.0-rc.3) | 0.8% (Theoretical Threat) | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-39829 | MEDIUM 6.38 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39830 | MEDIUM 6.38 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33814 | MEDIUM 6.38 | golang.org/x/net v0.20.0 (fixed in 0.53.0) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2025-61726 | MEDIUM 6.38 | stdlib v1.21.8 (fixed in 1.24.12, 1.25.6) | 0.8% (Theoretical Threat) | Directly Exposed; Context importance: HIGH |
| CVE-2026-33811 | MEDIUM 6.38 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33814 | MEDIUM 6.38 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39820 | MEDIUM 6.38 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39836 | MEDIUM 6.38 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42508 | MEDIUM 6.29 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-46595 | MEDIUM 6.03 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-47907 | MEDIUM 5.95 | stdlib v1.21.8 (fixed in 1.23.12, 1.24.6) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2024-24791 | MEDIUM 5.9 | stdlib v1.21.8 (fixed in 1.21.12, 1.22.5) | 1.4% (Low-Moderate Risk) | Directly Exposed |
| CVE-2024-34158 | MEDIUM 5.9 | stdlib v1.21.8 (fixed in 1.22.7, 1.23.1) | 1.0% (Low-Moderate Risk) | Directly Exposed |
| CVE-2025-4673 | MEDIUM 5.78 | stdlib v1.21.8 (fixed in 1.23.10, 1.24.4) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2025-22872 | MEDIUM 5.52 | golang.org/x/net v0.20.0 (fixed in 0.38.0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-47906 | MEDIUM 5.52 | stdlib v1.21.8 (fixed in 1.23.12, 1.24.6) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2025-61727 | MEDIUM 5.52 | stdlib v1.21.8 (fixed in 1.24.11, 1.25.5) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32282 | MEDIUM 5.44 | stdlib v1.21.8 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32289 | MEDIUM 5.18 | stdlib v1.21.8 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-25679 | MEDIUM 5.1 | stdlib v1.21.8 (fixed in 1.25.8, 1.26.1) | 0.5% (Theoretical Threat) | Directly Exposed; Context importance: MEDIUM |
| CVE-2024-34155 | MEDIUM 5.02 | stdlib v1.21.8 (fixed in 1.22.7, 1.23.1) | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2024-45336 | MEDIUM 5.02 | stdlib v1.21.8 (fixed in 1.22.11, 1.23.5, 1.24.0-rc.2) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2024-24789 | MEDIUM 4.67 | stdlib v1.21.8 (fixed in 1.21.11, 1.22.4) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32288 | MEDIUM 4.67 | stdlib v1.21.8 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2025-22871 | MEDIUM 4.59 | stdlib v1.21.8 (fixed in 1.23.8, 1.24.2) | 0.7% (Theoretical Threat) | Directly Exposed |
| CVE-2026-27142 | MEDIUM 4.59 | stdlib v1.21.8 (fixed in 1.25.8, 1.26.1) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39826 | MEDIUM 4.59 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-47914 | MEDIUM 4.5 | golang.org/x/crypto v0.18.0 (fixed in 0.45.0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58181 | MEDIUM 4.5 | golang.org/x/crypto v0.18.0 (fixed in 0.45.0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-46598 | MEDIUM 4.5 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2025-47911 | MEDIUM 4.5 | golang.org/x/net v0.20.0 (fixed in 0.45.0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58190 | MEDIUM 4.5 | golang.org/x/net v0.20.0 (fixed in 0.45.0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2025-22866 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.22.12, 1.23.6, 1.24.0-rc.3) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2025-22873 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.23.9, 1.24.3) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2025-47912 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58185 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58187 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.9, 1.25.3) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58188 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58189 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-61723 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2025-61724 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2025-61725 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2025-61730 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.12, 1.25.6) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42507 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.25.11, 1.26.4) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-58186 | MEDIUM 4.5 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39821 | MEDIUM 4.18 | golang.org/x/net v0.20.0 (fixed in 0.55.0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2025-22870 | LOW 3.74 | golang.org/x/net v0.20.0 (fixed in 0.36.0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-22870 | LOW 3.74 | stdlib v1.21.8 (fixed in 1.23.7, 1.24.1) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2024-45341 | LOW 3.57 | stdlib v1.21.8 (fixed in 1.22.11, 1.23.5, 1.24.0-rc.2) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2024-45337 | LOW 2.95 | golang.org/x/crypto v0.18.0 (fixed in 0.31.0) | 3.1% (Low-Moderate Risk) | Post-Exploit |
| CVE-2024-34156 | LOW 2.7 | stdlib v1.21.8 (fixed in 1.22.7, 1.23.1) | 1.1% (Low-Moderate Risk) | Post-Exploit |
| CVE-2026-39828 | LOW 2.69 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2025-22869 | LOW 2.29 | golang.org/x/crypto v0.18.0 (fixed in 0.35.0) | 0.9% (Theoretical Threat) | Post-Exploit |
| CVE-2025-47913 | LOW 2.29 | golang.org/x/crypto v0.18.0 (fixed in 0.43.0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2024-45338 | LOW 2.29 | golang.org/x/net v0.20.0 (fixed in 0.33.0) | 0.9% (Theoretical Threat) | Post-Exploit |
| CVE-2025-22868 | LOW 2.29 | golang.org/x/oauth2 v0.16.0 (fixed in 0.27.0) | 0.8% (Theoretical Threat) | Post-Exploit |
| CVE-2025-61729 | LOW 2.29 | stdlib v1.21.8 (fixed in 1.24.11, 1.25.5) | 0.5% (Theoretical Threat) | Post-Exploit |
| CVE-2026-32280 | LOW 2.29 | stdlib v1.21.8 (fixed in 1.25.9, 1.26.2) | 0.4% (Theoretical Threat) | Post-Exploit |
| CVE-2026-32281 | LOW 2.29 | stdlib v1.21.8 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-32283 | LOW 2.29 | stdlib v1.21.8 (fixed in 1.25.9, 1.26.2) | 0.4% (Theoretical Threat) | Post-Exploit |
| CVE-2025-58183 | LOW 2.29 | stdlib v1.21.8 (fixed in 1.24.8, 1.25.2) | 0.4% (Theoretical Threat) | Post-Exploit |
| CVE-2025-61728 | LOW 2.29 | stdlib v1.21.8 (fixed in 1.24.12, 1.25.6) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-27139 | LOW 2.12 | stdlib v1.21.8 (fixed in 1.25.8, 1.26.1) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39827 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-39835 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-46597 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-39831 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-39832 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-39833 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-39834 | NONE 0 | golang.org/x/crypto v0.18.0 (fixed in 0.52.0) | 0.5% (Theoretical Threat) | Not Applicable |
| CVE-2026-25680 | NONE 0 | golang.org/x/net v0.20.0 (fixed in 0.55.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-25681 | NONE 0 | golang.org/x/net v0.20.0 (fixed in 0.55.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-27136 | NONE 0 | golang.org/x/net v0.20.0 (fixed in 0.55.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-42502 | NONE 0 | golang.org/x/net v0.20.0 (fixed in 0.55.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-42506 | NONE 0 | golang.org/x/net v0.20.0 (fixed in 0.55.0) | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-39824 | NONE 0 | golang.org/x/sys v0.16.0 (fixed in 0.44.0) | 0.1% (Theoretical Threat) | Not Applicable |
| CVE-2026-27145 | NONE 0 | stdlib v1.21.8 (fixed in 1.25.11, 1.26.4) | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2026-39823 | NONE 0 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-39825 | NONE 0 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-42499 | NONE 0 | stdlib v1.21.8 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2026-42504 | NONE 0 | stdlib v1.21.8 (fixed in 1.25.11, 1.26.4) | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2025-0913 | NONE 0 | stdlib v1.21.8 (fixed in 1.23.10, 1.24.4) | 0.2% (Theoretical Threat) | Not Applicable |