CVE-2024-45337 in golang.org/x/crypto #3891

Closed
3 tasks done
MoeBensu opened this issue Dec 18, 2024 · 1 comment

Comments

@MoeBensu
Contributor

MoeBensu commented Dec 18, 2024

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

2.41. and latest master (#d521051)

Storage Type

Kubernetes

Installation Type

Official container image

Expected Behavior

High/Critical vulnerability-free docker image

Actual Behavior

Running trivy image -v dexidp/dex:latest-alpine

Screenshot 2024-12-18 at 13 19 09

Steps To Reproduce

Run a trivy scan on any current dex image.

Additional Information

A fix is available in v0.31.0. Gomplate also had a new release v4.3.0 with a fix for the CVE.
Could you please assess whether dex is affected by this critical CVE in golang.org/x/crypto or a dependency used in dex? Thank you!

Configuration

No response

Logs

No response

@MoeBensu
Contributor Author

Resolved with 3e90ce9 and 477e1b6
