update: golang.org/x/net #1602
Comments
github-project-automation
bot
moved this to 📝 Needs Triage
in Flatcar tactical, release planning, and roadmap
dongsupark
moved this from 📝 Needs Triage
to 🪵Backlog
in Flatcar tactical, release planning, and roadmap
This was referenced Jan 2, 2025
|
Closing this as the update has been done on affected repos. |
github-project-automation
bot
moved this from 🪵Backlog
to Implemented
in Flatcar tactical, release planning, and roadmap
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Name: golang.org/x/net
CVEs: CVE-2024-45338
CVSSs: n/a
Action Needed: update to >= 0.33.0
Summary: x/net/html: non-linear parsing of case-insensitive content. Version v0.33.0 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.
See also https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA.
Unfortunately for some reason dependabot is not able to automatically create an update PR for affected repos.
refmap.gentoo: TBD
The text was updated successfully, but these errors were encountered: