PkgRadar

Go modules · proxy.golang.org

github.com/kubernetes-sigs/provider-aws-test-infra

DNS / OAST exfiltration: matched "dig $(curl -s -f -m 1 http://169.254.169.254/latest/meta-data/instance-id/).ec2.internal +short) $("

Why PkgRadar flagged v0.0.0-20250227142026-0b78c4c24c3d

SeveritySignalEvidence
highDNS / OAST exfiltrationmatched "dig $(curl -s -f -m 1 http://169.254.169.254/latest/meta-data/instance-id/).ec2.internal +short) $(" · github.com/kubernetes-sigs/[email protected]/config/ubuntu2204.yaml

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.0-20250227142026-0b78c4c24c3dHigh risk302026-06-09
v0.1.1-0.20250227142026-0b78c4c24c3dHigh risk302026-06-09
v0.1.1-0.20260607022629-ebe4c7dbe47fHigh risk302026-06-09
v0.0.0-20260607022629-ebe4c7dbe47fHigh risk302026-06-09
v0.1.0High risk302026-06-09

Block this in CI

PkgRadar gates github.com/kubernetes-sigs/provider-aws-test-infra (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/kubernetes-sigs/[email protected]
Start free — 25 scans / moView full evidence