GO-2025-3511
PUBLISHED
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries in github.com/deislabs/ratify
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | deislabs/ratify | 0, 0 |
| github.com | ratify-project/ratify | 1.3.0, 1.3.0 |
Timeline
- Mar 13, 2025 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-27403 advisory
- https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f patch
- https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c patch