x/vulndb: potential Go vuln in github.com/Kong/insomnia: CVE-2025-1087 #3677

GoVulnBot · 2025-05-09T13:01:28Z

Advisory CVE-2025-1087 references a vulnerability in the following Go modules:

Module
github.com/Kong/insomnia

Description:
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

References:

ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-1087
WEB: https://github.com/Kong/insomnia

Cross references:

github.com/Kong/insomnia appears in 1 other report(s):
- data/excluded/GO-2023-2100.yaml (x/vulndb: potential Go vuln in github.com/Kong/insomnia: CVE-2023-40299 #2100) NOT_GO_CODE

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/Kong/insomnia
      vulnerable_at: 7.1.1+incompatible
summary: CVE-2025-1087 in github.com/Kong/insomnia
cves:
    - CVE-2025-1087
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-1087
    - web: https://github.com/Kong/insomnia
source:
    id: CVE-2025-1087
    created: 2025-05-09T13:01:25.078149244Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

GoVulnBot added NeedsTriage cve-year-2025 labels May 9, 2025

thatnealpatel added possibly not Go triaged and removed NeedsTriage labels May 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/Kong/insomnia: CVE-2025-1087 #3677

x/vulndb: potential Go vuln in github.com/Kong/insomnia: CVE-2025-1087 #3677

x/vulndb: potential Go vuln in github.com/Kong/insomnia: CVE-2025-1087 #3677

x/vulndb: potential Go vuln in github.com/Kong/insomnia: CVE-2025-1087 #3677

Comments