update: golang.org/x/oauth2 #1670

Open
dongsupark opened this issue Mar 3, 2025 · 1 comment
Labels: advisory (security advisory), cvss/HIGH (> 7 && < 9 assessed CVSS), security (security concerns)

Comments

@dongsupark
Member

Name: golang.org/x/oauth2
CVEs: CVE-2025-22868
CVSSs: 7.5
Action Needed: update to >= 0.27.0

Summary: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

See also https://groups.google.com/g/golang-announce/c/wImnF7NFhJE.

refmap.gentoo: TBD

dongsupark added the advisory, cvss/HIGH and security labels Mar 3, 2025
dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Mar 3, 2025
@tormath1
Contributor

tormath1 commented Mar 4, 2025

Nebraska update: flatcar/nebraska#959

dongsupark moved this from 🪵Backlog to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap Mar 4, 2025