CVE-2025-11579

[aep-sunlife]

Snyk reports a vulnerability CVE-2025-11579 in the jfrog-client-go library, arising from a github.com/nwaples/rardecode dependency.

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNWAPLESRARDECODE-13537507

Why does a REST client need a RAR library at all?

[RemiBou]

It's a medium security issue, from an indirect dependency. We'll evaluate to bump it, in the mean time if you use this library you can also bump the indirect dependency on your project.