Author: David Cohen
Word count: 648
Language: English
Hacker News points: None

Summary

Go 1.18.1 and 1.17.9 fix a stack overflow in the Decode function of the encoding/pem package, tracked as CVE-2022-24675. The bug has existed for at least eight years and can cause a Denial of Service (DoS) when Decode processes a large buffer containing malformed PEM data. Although triggering it requires specific conditions, the trigger itself is straightforward, so a targeted application can be disrupted. All Go versions up to and including 1.18.0 (and 1.17.8 on the 1.17 branch) are affected, specifically applications that pass possibly malformed input to Decode. The root cause is a recursive call within Decode that exhausts the stack on such input; the patch removes the recursion. The JFrog DevOps platform is not affected. Users are advised to upgrade to the latest Go versions or apply the patch to mitigate the risk. JFrog continues to offer security insights and automated vulnerability scanning for developers through its JFrog Xray tool and security research updates.