6.1
CVSS V3
Status
Justification
Impact
Prometheus ships a Go (Golang) library with a versioning scheme that follows the 0.x format. However, the Prometheus application itself uses a versioning scheme based on 1.x, 2.x, etc. The vulnerability identified in CVE-2019-3826 is specifically associated with the Prometheus application, not the Golang library.
Status
Justification
Impact
This vulnerability is an XSS flaw in the Prometheus server and is not affecting this package which uses the library code.