VDB
GO-2025-4188
GO-2025-4188
PUBLISHED
CVSS 8.699999809265137 HIGH
Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | sirupsen/logrus | 0, 1.9.0, 1.9.2 |
Timeline
- Dec 15, 2025 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-4f99-4q7p-p3gh advisory
- https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7 patch
- https://github.com/sirupsen/logrus/pull/1376 patch
- https://github.com/sirupsen/logrus/issues/1370 report
- https://github.com/mjuanxd/logrus-dos-poc url
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md url
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 url
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 url
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 url
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 url