This project references viper 1.8.1 which was direct using github.com/bketelsen/crypt v0.0.4 which was imported older versions leading to import github.com/miekg/dns v1.0.14 which suffers a CVE fixed since version 1.1.25 (latest version is v1.1.43).

Upgrading to viper 1.9.0 would remove the dependency to github.com/bketelsen/crypt and the indirectly imported dns module version suffering the CVE.