Skip to content

Security: golang.org/x/crypto v0.50.0 and x/net v0.53.0 have 15 HIGH CVEs in envoy-gateway binary (v1.8.1) #9371

Description

@palaksingi2324-art

Affected versions: v1.8.0, v1.8.1
Binary: usr/local/bin/envoy-gateway (gobinary)
Scanner: Trivy v0.71

Vulnerable dependencies:

Library Installed Fix Version CVE Count
golang.org/x/crypto v0.50.0 v0.52.0 9 HIGH
golang.org/x/net v0.53.0 v0.55.0 6 HIGH

Key CVEs:

Request: Please bump golang.org/x/crypto to v0.52.0+
and golang.org/x/net to v0.55.0+ in the next patch release.

Can we get it fixed ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions