Skip to content

Bump golang.org/x/crypto to v0.37.0#2

Open
aivarasko wants to merge 1 commit into
poupas:mainfrom
NethermindEth:fix/crypto-lib-2
Open

Bump golang.org/x/crypto to v0.37.0#2
aivarasko wants to merge 1 commit into
poupas:mainfrom
NethermindEth:fix/crypto-lib-2

Conversation

@aivarasko

Copy link
Copy Markdown
Contributor

Fix for:

│       Library       │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                         │
├─────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2025-22869 │ HIGH     │ fixed  │ v0.31.0           │ 0.35.0        │ golang.org/x/crypto/ssh: Denial of Service in the Key │
│                     │                │          │        │                   │               │ Exchange of golang.org/x/crypto/ssh                   │
│                     │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-22869            │
└─────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘```

Also, golang.org/x/crypto v0.37.0 needs at least Go 1.23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant