Skip to content

Outdated and vulnerable golang x/net version #76

New issue
New issue
Closed
Closed
Outdated and vulnerable golang x/net version#76
Labels
area/dependencyIssues or PRs related to dependency changes
@jperezdealgaba

Description

@jperezdealgaba
jperezdealgaba
opened on May 15, 2024

Hello!

We are using ansible-operator-plugins for some internal developments and after performing SAST on the project we noticed that that the used x/net version is vulnerable to several attacks:

✗ High severity vulnerability found in golang.org/x/net/http2
Description: Allocation of Resources Without Limits or Throttling
Info: LINK
Introduced through: golang.org/x/net/http2@v0.20.0
From: golang.org/x/net/http2@v0.20.0
Fixed in: 0.23.0
CVE: LINK

Would it be possible that the x/net version is updated to the most recent version? Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/dependencyIssues or PRs related to dependency changes

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions