Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/crossplane/crossplane: GHSA-7h65-4p22-39j6 #3219

Open
GoVulnBot opened this issue Oct 25, 2024 · 0 comments
Open

x/vulndb: potential Go vuln in github.com/crossplane/crossplane: GHSA-7h65-4p22-39j6 #3219

GoVulnBot opened this issue Oct 25, 2024 · 0 comments

Comments

@GoVulnBot
Copy link

Advisory GHSA-7h65-4p22-39j6 references a vulnerability in the following Go modules:

Module
github.com/crossplane/crossplane

Description:
A critical vulnerability was reported in the versions of golang that Crossplane depends on. Details of the golang vulnerability are included below. Crossplane does not directly use the vulnerable functions from the net/netip package, but the version of golang libraries, runtime, and build tools have still been updated as part of this security advisory nonetheless.

Critical Vulnerabilities
Vulnerability: CVE-2024-24790, golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Description: The various Is met...

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/crossplane/crossplane
      non_go_versions:
        - introduced: TODO (earliest fixed "1.17.2", vuln range "= 1.17.1")
        - introduced: TODO (earliest fixed "1.16.3", vuln range "= 1.16.2")
        - introduced: TODO (earliest fixed "1.15.6", vuln range "= 1.15.5")
      vulnerable_at: 1.17.2
summary: |-
    github.com/crossplane/crossplane: Unexpected behavior from Is methods for
    IPv4-mapped IPv6 addresses
ghsas:
    - GHSA-7h65-4p22-39j6
references:
    - advisory: https://github.com/advisories/GHSA-7h65-4p22-39j6
    - advisory: https://github.com/crossplane/crossplane/security/advisories/GHSA-7h65-4p22-39j6
notes:
    - fix: 'module merge error: could not merge versions of module github.com/crossplane/crossplane: invalid or non-canonical semver version (found TODO (earliest fixed "1.17.2", vuln range "= 1.17.1"))'
source:
    id: GHSA-7h65-4p22-39j6
    created: 2024-10-25T20:01:24.799520288Z
review_status: UNREVIEWED
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoVulnBot