PkgRadar

Go modules · proxy.golang.org

sigs.k8s.io/provider-aws-test-infra

DNS / OAST exfiltration: matched "dig $(curl -s -f -m 1 http://169.254.169.254/latest/meta-data/instance-id/).ec2.internal +short) $("

Why PkgRadar flagged v0.1.1-0.20260609023143-66f167b94ab2

SeveritySignalEvidence
highDNS / OAST exfiltrationmatched "dig $(curl -s -f -m 1 http://169.254.169.254/latest/meta-data/instance-id/).ec2.internal +short) $(" · sigs.k8s.io/[email protected]/config/ubuntu2404.yaml

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.1.1-0.20260609023143-66f167b94ab2High risk302026-06-10
v0.0.0-20260609023143-66f167b94ab2High risk302026-06-10
v0.1.1-0.20260607022629-ebe4c7dbe47fHigh risk302026-06-08
v0.1.1-0.20260605022158-bbbfd2375654High risk302026-06-06
v0.0.0-20260605022158-bbbfd2375654High risk302026-06-06
v0.1.1-0.20260603022544-d76df8e882acHigh risk302026-06-04
v0.0.0-20260603022544-d76df8e882acHigh risk302026-06-04
v0.0.0-20260602164546-dbc743d7741fHigh risk302026-06-03
v0.1.1-0.20260531022247-6868b26412e0High risk302026-06-01
v0.0.0-20260531022247-6868b26412e0High risk302026-06-01
v0.0.0-20260529023245-a5e664aec06dHigh risk302026-05-30
v0.1.1-0.20260529023245-a5e664aec06dHigh risk302026-05-30
v0.1.1-0.20260527231447-60efde278215High risk302026-05-30

Block this in CI

PkgRadar gates sigs.k8s.io/provider-aws-test-infra (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go sigs.k8s.io/[email protected]
Start free — 25 scans / moView full evidence