Skip to content

package golang.org/x/net is vulnerable #1710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sm171190 opened this issue Feb 7, 2025 · 5 comments
Closed

package golang.org/x/net is vulnerable #1710

sm171190 opened this issue Feb 7, 2025 · 5 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@sm171190
Copy link

sm171190 commented Feb 7, 2025
edited
Loading

Latest release of kubectl uses a vulnerable version of golang.org/c/net (v0.30.0).
(We should be using something higher than v0.33.0.
I see that master is using v0.33.0. Maybe we can make a release off of it ?

https://access.redhat.com/security/cve/cve-2024-45338
@sm171190 sm171190 added the kind/bug Categorizes issue or PR as related to a bug. label Feb 7, 2025
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Feb 7, 2025
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sm171190 sm171190 changed the title packagw golang.org/x/net is vulnerable package golang.org/x/net is vulnerable Feb 7, 2025
@ardaguclu
Copy link
Member

kubectl uses x/net 1.33 version

kubectl/go.mod

Line 85 in 2fd8e36

golang.org/x/net v0.33.0 // indirect

/close

@k8s-ci-robot
Copy link
Contributor

@ardaguclu: Closing this issue.

In response to this:

kubectl uses x/net 1.33 version

kubectl/go.mod

Line 85 in 2fd8e36

golang.org/x/net v0.33.0 // indirect

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sm171190
Copy link
Author

sm171190 commented Feb 7, 2025

kubectl uses x/net 1.33 version

kubectl/go.mod

Line 85 in 2fd8e36

golang.org/x/net v0.33.0 // indirect
/close

That is the master branch, not the release tag

@ardaguclu
Copy link
Member

You can get more information from kubernetes/kubernetes#129349

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ardaguclu @k8s-ci-robot @sm171190