{"uuid": "964ab6eb-616d-40a2-9443-948f37fb7790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1243", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3998", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1243\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in\u00a0information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025)  with a proxy leveraging the api-go library before version 1.44.1.\n\nOther data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted.\n\ud83d\udccf Published: 2025-02-12T03:31:14Z\n\ud83d\udccf Modified: 2025-02-12T03:31:14Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-1243\n2. https://github.com/temporalio/api-go/releases/tag/v1.44.1\n3. https://temporal.io/blog/announcing-a-new-operation-workflow-update", "creation_timestamp": "2025-02-12T04:08:33.000000Z"}